{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bbbf3c9c-5106-5d8f-af7f-274644179537", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-azure", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:02bfde32-3e84-5290-9dd2-79b93ae9a3b8", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40ab49c1-ddfa-5fa2-a663-b7ade60e786f", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01f74a23-21d8-57db-91f6-91acbf7ccd26", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:219e729b-70bc-5bf5-9797-d73cbfd571d5", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69979284-33bb-5095-a95f-c133054a28c0", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5798b98a-3450-573b-a668-0eee9f540cea", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe35baa4-86cc-5e6f-a0de-ec1581d5e3a8", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b5654e6-3da4-53af-a85d-c5d40f89d82f", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c928826-b055-544e-8e9c-51f2822abaca", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27b31960-d555-5a07-ade1-86504a56d3fc", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c302a047-7265-5323-8107-215e19be3a08", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5619e9d8-2b3a-5485-94c7-18a6e2bf395f", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8081a7ce-6ec1-5854-95f2-4a9c30230a11", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca895ebc-6024-55a0-a219-82e1a509f6b9", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9399cce-93f9-5c1f-9f54-03e91ff9a2c1", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d784b731-48b1-5727-abae-7a8e4c53f0f4", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b38e3510-91a8-531a-bb15-4f4c6c6fd2a8", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c259f81-a7d3-563c-8c66-af11a3475408", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-azure." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-azure@2.7.3.tuxcare.1" } ] }