{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4d7c3203-fa25-5d62-a4e1-9281b77f220b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-common", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9b21ad13-c190-53a9-a53f-6a827a865ef7", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9228d30a-b363-5d14-bb6e-75b0e8c6cdde", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfc07830-a612-5f8d-8c14-fcd05786a8de", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bd8eb92-9528-5b95-bc7f-cfdd23b6a280", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66f6eb04-c842-54c5-9ab5-5dcd231c6550", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47853b3d-8af4-5fae-b592-c91b1af48979", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c332b51-6d1f-5a41-857e-095a53a20eaa", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a03623ec-7cea-516b-8f5d-7c456be985df", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7585953-3078-5445-8c28-026049c58c34", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2132dcce-cd89-5b46-8a24-340d69fe5c9b", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9096fff9-3143-5f59-8184-a2a0c5b06ba9", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c68b835-6ffa-57b5-881a-0fe9550f685e", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b404048-4e74-5f95-b817-5f225e7d5139", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:731ddfeb-9fc9-5829-ae52-15ffbef9a135", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5a94e2c-f5b6-5879-a8c2-757c55802933", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1b7dfb0-4373-5397-9178-f2fd616a69dd", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:013f7dcc-4f7e-5556-bb7c-a17c99bd7c4f", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec2a9bcf-12ca-5eab-b14c-370128d57a6c", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.3.tuxcare.1" } ] }