{"id":"CVE-2019-0204","details":"A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.","aliases":["GHSA-32w9-2qpc-5f9v"],"modified":"2026-04-10T04:13:30.586395Z","published":"2019-03-25T22:29:00.730Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107605"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3892"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/mesos","events":[{"introduced":"b3fd2e7ab26e118222fe18af4b92c53a3c01e6cc"},{"fixed":"1fee9b5365bf2424e4768dc1d5209c6c78dfece6"},{"introduced":"f7e3872b0359c6095f8eeaefe408cb7dcef5bb83"},{"fixed":"b1dbba03af23b0222d11f2b7ae936d77ef42650d"},{"introduced":"c7df5eadc075adcf525ea091f65786aaffb9b072"},{"fixed":"a40aab9d0642b883c52504b1672878dc38438f36"},{"introduced":"8419b870c571ac11825c883fa20ea3b7d4348d34"},{"fixed":"58cc918e9acc2865bb07047d3d2dff156d1708b2"},{"introduced":"0"},{"last_affected":"acefa90695a32f8e8d6361f8192a6522aeaadbb9"}],"database_specific":{"versions":[{"introduced":"1.4.0"},{"fixed":"1.4.3"},{"introduced":"1.5.0"},{"fixed":"1.5.3"},{"introduced":"1.6.0"},{"fixed":"1.6.2"},{"introduced":"1.7.0"},{"fixed":"1.7.2"},{"introduced":"0"},{"last_affected":"1.8.0-dev"}]}}],"versions":["0.14.0-rc1","0.15.0-rc1","0.16.0-rc1","0.17.0-rc1","0.18.0-rc1","0.19.0-rc1","0.20.0-rc1","0.21.0-rc1","0.22.0-rc1","0.23.0-rc1","0.24.0-rc1","0.27.0-rc1","0.28.0-rc1","1.0.0-rc1","1.0.0-rc2","1.2.0-rc1","1.4.0","1.4.0-rc5","1.4.1","1.4.1-rc1","1.4.2","1.4.2-rc1","1.4.3-rc1","1.5.0","1.5.0-rc2","1.5.1","1.5.1-rc1","1.5.2","1.5.2-rc1","1.5.2-rc2","1.5.2-rc3","1.6.0","1.6.0-rc1","1.6.1","1.6.1-rc1","1.6.1-rc2","1.7.0","1.7.0-rc3","1.7.1","1.7.1-rc1","1.7.1-rc2","1.8.0","1.8.0-rc1","1.8.0-rc2","1.8.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0204.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.5.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}