{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:eba787a1-893e-544a-bb9a-ff95da773352", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-client", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b99d8272-e5be-5178-9a3a-14cda92d5a7d", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5f50d4b-b31d-5605-b5c2-7927787a195d", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d46d745-527a-5119-9243-50e595c3e5d0", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d0e498b-1418-5dcf-98ca-ac792b3b2f72", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28251111-0076-5caf-ae31-41a8a19796de", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36f0d387-64d8-552c-b882-eba587b54737", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03800e33-6394-5750-9329-b4bc76824370", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69e99765-c1f0-5065-92cf-1b1dc62ac9a2", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6e77879-4f28-5b70-a95a-5f68c9a952ed", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2dcc9244-2c8d-5c78-b485-10160ab87001", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b61aefa-45fb-5338-8f18-1e872606c8b7", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd43ed15-3b66-5bb8-9eb5-bbbc4106a9cf", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:167af0ba-4272-5b71-bd11-b131b19bf4ae", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23c05e73-68e7-520e-9789-651ef613d0ea", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b658abb-c36b-5807-8b57-5bab47ac792a", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e654a511-2244-5bd1-ba15-bd8406a6e5e1", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c7d1e2e-c780-5f71-82ab-c7da6df2060e", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c35ea6a7-a3c7-5615-99e7-36fce82b90f2", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23e09b53-d70a-595e-a1c5-083a7e78145a", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8af89ca-d033-54a4-a064-f57fa9bc2de4", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7efefe0-2c00-5ef3-9fe2-15711e950637", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.1.tuxcare.1" } ] }