CVE-2019-0204: Improper Input Validation

March 25, 2019 (updated November 15, 2019)

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A malicious actor can therefore gain root-level code execution on the host.

References

nvd.nist.gov/vuln/detail/CVE-2019-0204

Detect and mitigate CVE-2019-0204 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →