{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:91fa714c-72af-5c27-b526-a8c0e9fb741c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-aws", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dd1ea7d7-a0b4-5ce3-9fd1-eb13e2b6bfb7", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0ac987f-92fc-56c9-9644-3f459f34a007", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a67edce-da0f-54c3-b218-86e33aaebe41", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8775f647-dbe9-5522-ab8c-be6e572664cd", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f9a3f3b-eaaa-5368-a945-6c7eec884beb", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc2c71aa-20b7-5160-9860-417d429187a0", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a62810b3-51f2-5414-9249-a94269356924", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6f3701e-76e8-5fb2-ac44-3911cf39489b", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86ea4e5b-0f76-509a-88ee-510eaf17dadf", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5a1212d-6211-56b5-a633-16620a636924", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d26d4f7-a2d1-5f35-b499-86204c7cedc2", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a46b0f5-7f6b-5f28-82ee-b43077891f96", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7fb63ce-a5ed-5eb5-af96-330a68d1a16f", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0784edaa-0430-5ea2-b096-9ac666bf556b", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b464c228-25f7-57f2-ad60-3995b71ce9cf", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1684f2b8-5552-5a13-9605-7072209126f9", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3fe3dc4-5bb6-5727-9cc6-3714ac6173d6", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa49a53f-ca28-585e-81b5-d5a787a98893", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-aws." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-aws@2.7.3.tuxcare.1" } ] }