{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c078d47b-d2f5-5e83-952c-80bbd70ed715", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-assemblies", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6820d172-9b70-5ac5-9b6c-51ab8e90f495", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61949c7b-412c-53b9-a2f3-574d91d7bcb7", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d529c1f6-1e48-5775-92f6-5489013408e9", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3cad8ee-39a9-5a43-8f53-8f7580ae9d9d", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cb85f1e-789c-5324-b8f3-a58bd973d78b", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c84be981-32bd-57c1-af45-50d901b09ff4", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0235834-8bf1-5279-bf47-1ba2bd8f05c5", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1048506-d739-54ba-83f7-843411d05b31", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9daf4b0-dd85-563b-bcf3-bb747e38d0ce", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da0e2414-4f0f-5aa2-9cd9-46e38f6cb04a", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c5d3253-7cff-5a15-9afc-f57fd5f7fba1", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d36a5dde-a8ae-564a-9656-63fad9e85338", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bae43bf6-df11-5d60-a897-1aef987e1070", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1871a9e-1c47-5317-83fe-621c5486e14f", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a023442-b0aa-5608-a224-b860c77d96ef", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19a063d3-50c0-5997-ad90-efc4f86c1c66", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1acd89ed-65ec-59b7-b117-786b02393cc3", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c5b412c-b129-5823-8701-fbad84776f15", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-assemblies." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-assemblies@2.7.3.tuxcare.1" } ] }