{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:179f91a1-89dc-541d-85ad-bcd828c06d5e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-aws", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a0442f18-46c0-5a35-bca8-dc15d3039e6d", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:914b51a7-4be7-5561-910a-01865cb0f247", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc295f49-01b3-523a-a80e-2d5cc59803be", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3adfa7af-f6ed-52b9-acae-5a0dfce0d0a3", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6790de0c-04c2-5974-a5b7-3ca9432bf1e9", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f550884c-6c58-56af-8430-f4dded0f06c8", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e6d51ea-f92c-5776-9cee-1438963393f5", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad9c675c-d9b3-5b23-abf1-b49a9d525ed1", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3479a31-fd79-5685-b0c5-ef944f491836", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f3cddde-6ce7-53fa-925e-65db86ef8b56", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b48cd0d0-5ab8-5890-9644-d399e1725efd", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:425c3395-3cdc-550a-8799-10bb351ea62d", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca153db7-45f4-5688-b9bf-530e40e34a25", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b8e4970-261e-5959-90bc-8acbe075a0b7", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3167a0fe-8a3c-58fa-a907-fc273895ba5d", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36415043-46d0-5e39-964d-c3014e9d2902", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6ef2468-1ed0-5110-a9a8-8b0768791f9b", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bb50d5a-f25e-55e7-a6eb-55ce1d4b5891", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a842e4f-9797-5b2e-9318-f3854415437c", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:451f3d6c-ccbb-5b11-b870-781f8dd83985", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22377466-c3e9-5b10-a61d-4eb7523d6229", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.1.tuxcare.1" } ] }