{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d44726a9-0d09-5e04-998c-5db47e8b1e06", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-maven-plugins", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b33ff3ed-48a7-5ae5-92ac-1407ac967e65", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c78b4d76-13d5-5aa6-8bd4-fd1bcf4c4b81", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb913f97-3e32-5f69-9d9b-f22a68521c3b", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75077b55-320b-5453-b5ba-f189e0114424", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b814db61-1f05-55a1-8cda-b06f239200f3", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24879ca9-bbdb-58eb-ac92-ac575e5880eb", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b12335e-b9ba-5ac6-a605-315efe73d0d9", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6498ea69-4542-5d99-b322-8183ac088c86", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4de318cd-da03-515b-b519-a190ce99fab4", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bcf4a16-934e-5574-b92f-7fecb54d922c", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7aab6e8e-c965-56cc-a439-3b55aff79483", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab0870d1-3dd3-5d32-b124-9d642a0e923a", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85ed8211-443d-5bb3-bdef-a2ad56a9db5d", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3dc6227a-af0e-5929-8f61-dbdfb5314838", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cca2fd4-14fb-5d72-b08e-6463c5c730a9", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da8b35d7-c1dd-5e0d-a70c-5f494a3250ff", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae0f5f57-b0ae-5782-9820-cc157cb4454f", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:276dea87-daa7-5992-8530-bc1d2e39ef8b", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8414b5f2-2d11-5e35-b689-61b88492d238", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f751d78-4ff5-5822-ba3e-d39cb5ef7ddc", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a1a832f-a458-5364-993e-caf02e999934", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.1.tuxcare.1" } ] }