{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4cd70755-6a7d-552c-8095-a1c662b91cca", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-project", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1f421bd0-a72a-56d5-b35f-a85e9d3625c4", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4ffecf2-5bc0-53da-b3a3-2b9be5b2233a", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cb09079-2f1e-5296-b5af-79b94168e01f", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9de6edeb-a8fe-5205-8c2e-c191f981c3a3", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80b8ac3e-da42-5aa0-83f7-948118f32932", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c5c78b7-8db4-5273-91ff-7add72b1aefd", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ff5b106-b58c-5e34-a853-99323e570117", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e39a7c8-e5aa-5dae-b75d-856a17cfb2b6", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2696ad87-690d-5934-81cc-741026273b0a", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20bd62e2-96f5-51cc-a3e9-c980c8368f7a", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:476faa70-f465-5919-95fc-f19c3452961b", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad586332-f060-52eb-9149-7105afebfc60", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e80dd241-a061-5a6c-a3a1-bc45663a5751", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:004cf45b-a3cf-52d4-91b0-cfd6deeadbfe", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b303a98-c7fa-5afb-8e23-16bd018323dc", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:288a3317-cb5f-5cd9-86a0-763f2fb861fe", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd89859d-539c-5b62-82c2-32b4c0218742", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ce76518-69c2-577f-be5c-314cfc26dbb3", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-project@2.7.3.tuxcare.1" } ] }