{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:618ad57f-e3b1-54ad-936f-5d3508b27eb6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-api", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8575ad79-e4e3-5f95-8808-1550adcf64a1", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb67f70f-c07c-5d9d-9169-0c0043d68fe0", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f37d13a0-d5d8-51a5-af62-f6ed8d5e7c86", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3efb5cf2-1ce7-56b2-94a1-07b49b30c3c4", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57b9fdfb-1ea8-5249-9af8-6e04fab6643a", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d8b3478-0075-5fca-b32c-eb7162310507", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0efbb63-4996-540d-998c-e8de1e4aa523", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18802fea-9367-590d-8de2-a33fc4aa34b9", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:848ac204-34c0-5d91-9ac9-d906339f3037", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28643f7f-493c-548f-a8d9-aa5d515032af", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:398e78b3-6d0d-53fa-b07a-0f4715b99944", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae18ecca-ad32-53fc-97df-0301893ca76d", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:649d6eae-78e7-5bec-893d-4f69e74f8007", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca771421-a019-51ef-83c7-ff106974fbad", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:585fe401-ec54-5e90-be5c-eef272f6d55f", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:809dcc8a-45da-50c5-b3f4-70e0e336174d", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d25a78e-f55b-552f-8d1d-f903adcc7b0f", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d24c80e-07d6-58de-af57-d2c9b11e3e78", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:985c341e-edd9-5418-907c-ba07768a5a9f", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea1dbe07-217d-50f8-9509-82c6cc4f24cf", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b99ca3d-7d92-5924-bae6-9f7040a5f9ee", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-api." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1.tuxcare.1" } ] }