{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2093062d-349d-5652-ac6a-a8e53e34ca6b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-assemblies", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9d493d03-c988-510f-b89a-ef10441d63ce", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78d0ca99-9436-5595-a558-57beb0f50e82", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44d81b76-0402-5c00-9c95-b955beb653c8", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d69e23d-314c-5146-b09c-2fa056a90b89", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04cf088a-dee3-5d9d-b438-c944fb8c1f66", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c350bd0d-e386-5fb5-8cf8-26f3e0c67e1a", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02b2f0ed-81da-5433-af97-0d57e60d79ba", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b882319-368f-5651-b965-6b87453c81a5", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35f2f2ed-d542-5958-a04f-f1522a29c081", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d57f885-ddcd-576a-8f74-e787f5c23fa5", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbaee16a-d678-5d25-b847-705bdb7bd811", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d2f6025-e8e1-513e-a532-6928729a3987", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6028e5ae-4e25-5c55-9d7e-0684f0465723", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e51d581-df86-530c-9a65-60a92099bccf", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e994f181-8685-5a8a-9b05-acaa4bdc76ec", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a315d45a-0ee8-50b4-a7dc-53e2780a3dde", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77502881-ebb2-5828-b827-2546d17b1373", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7797ec23-6ac6-54bf-922f-b8cde0209c04", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73582d88-b627-528a-b9a1-63455ba543ee", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57f747c6-1497-5199-b20d-a6915b9b031c", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ca7b832-f8b2-52b5-9dd7-369c45cdb755", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.1.tuxcare.1" } ] }