{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:90ecae35-d2ce-544c-afa9-21fdce635036", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-maven-plugins", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:46547db3-7107-542a-8b06-0885368918f8", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:811ca79c-39af-5daf-b4b3-227d261d1714", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e0e15ef-155d-5055-8aab-28ee8b4138fa", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0d04f93-e528-564a-860f-07fa888d2403", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5882dee-588e-522b-93bd-509544057118", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70d128e0-67de-5553-8264-ebe56b934cb4", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:687b46b5-b33a-56b9-85d0-a097f49c7db8", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b7b7285-9f9e-5be8-aac8-6fb8aa1811d8", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:daa0a379-8a03-56a1-83a6-5031183bfa7d", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dceb979-49cf-5891-a443-38478bc1ff76", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31546185-bd5c-5384-b679-f77834db3274", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6140e19-761e-58b3-b1bb-ab332321d13f", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75ddd7dc-c72d-52aa-91ec-2e5aadc0dff4", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f488b433-0c53-5668-8af7-7118e4daf5ec", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb81d303-080b-5ef7-a878-89ec91ea23f9", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:879a1520-0e90-560f-a421-15f50c576957", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95a205d1-9ba1-5b46-a752-e8be494adddf", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8393813f-7a50-5fb1-a7d0-290cbb074b24", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-maven-plugins." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-maven-plugins@2.7.3.tuxcare.1" } ] }