CVE-2019-0204
published 2019-03-25CVE-2019-0204: A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apache_mesos | — | — |
| apache | apache_mesos | — | — |
| apache | apache_mesos | — | — |
| apache | apache_mesos | — | — |
| apache | apache_mesos | — | — |
| apache | mesos | — | — |
| apache | mesos | >= 1.4.0 < 1.4.3 | 1.4.3 |
| apache | mesos | >= 1.5.0 < 1.5.3 | 1.5.3 |
| apache | mesos | >= 1.6.0 < 1.6.2 | 1.6.2 |
| apache | mesos | >= 1.7.0 < 1.7.2 | 1.7.2 |
| redhat | fuse | — | — |