{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ef6eaa8d-55c6-5b93-b8c6-90cc8dcaffd2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-client", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b6f446ed-77a5-5152-ae01-dcc60ad13fa6", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adf7d1e0-5ceb-5d26-9bbb-e8dd730f4e7c", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4ddddec-e4c4-5d53-81b0-0edbe9e7091a", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86cbf6ec-430b-501a-9af3-b794ef75a050", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de044611-214f-5d4d-bc4a-17b14771272b", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e487e616-0a3e-5a67-93cd-d1be53be514a", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b8ac8f5-29f0-543d-9f7b-ce11c9ffc667", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40f6adae-238c-5f4c-87c1-7918c8bae942", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:159a3ef7-d118-5775-bfc7-4afe63c30a4e", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebe0cf84-8518-5450-9f89-ce33ace8642c", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9cd260f-277a-5577-a1e0-c3e4c04a9c2c", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b7a9178-9116-5464-bce0-28dcb56d016c", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14a7be3b-80ae-5ab6-92c5-6442eeaa3f4a", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bea12197-42bb-5d4f-a988-653cba843a72", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97e87acb-1f7b-5d95-8293-be247dd27734", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c86f993-a423-521b-ab75-128e63577694", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f65852b-f1af-5ebb-abef-96fe9c518bc4", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8c3a795-a9f6-5165-a8cc-8ad6fffa2c0e", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-client@2.7.3.tuxcare.1" } ] }