{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d8c34583-78c8-54a7-a4a5-dd06251da062", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-project", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cdd232af-d4cb-5e02-bb5e-8379699f09a5", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1735f29-ca59-596c-957b-60f6ff842ffa", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e17d0423-f2b0-56f6-86a7-07d8b6be0955", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:256c7bee-07ee-53f6-a9fa-1b9ef52ebf2f", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7696924d-61ad-5f6c-bfee-74ce593b42d7", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42d51d22-b549-531c-98aa-b03a56ea96bb", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbbe961c-fb27-5c76-994a-48c49cea6b1f", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:755c5cf2-6ab9-5771-8c5c-70a4f13d5ea1", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55d8d86a-c5c1-5d05-a2db-b1b6c9227ef4", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6869c639-3bf5-5e5f-b12b-cc1d511e9250", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95e1301f-92be-5be9-81ed-a97392f9ca56", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e078677e-a9c3-502a-a95c-759c9beea1c1", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97d25796-5435-585d-a447-57640f802b3e", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f82d2d7-bef9-5caf-b4fa-5d5d26e1d282", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a69c5f6b-9b30-5e8d-9cba-41793ca5d24a", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c125ebe-a80d-56c5-955e-fdd0b01a0633", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f5d307e-84ba-5690-b794-16cce75be16c", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c01d93f5-0904-5dc0-8500-4e7af46cf74e", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4de05d10-ea41-5f3f-820e-fc92215475d3", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a220412-b39a-5fd7-9440-f081a49e2088", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed62b914-bb62-52d3-862a-5831acac1232", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.1.tuxcare.1" } ] }