{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bd1c5147-f986-5ef5-8f09-74b2430d4fc4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-applications", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a99f9b0f-c4f7-5a73-bacc-d8219fbe8761", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29f66d6a-fe92-5dcd-bff4-91997ea0d157", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fb2de1a-2cb6-5e48-a36c-451696eb37f3", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:759f339c-2622-5e69-8d53-fe76c6711751", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47f3fcbc-8e18-5176-9a69-882d3beb0ecd", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c981f92b-0804-5227-9395-97ce6281b691", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea5dc450-853f-5046-a7af-bed68baaf0c6", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e1f3648-c6fa-5dce-87f5-96d85b123072", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50ac2137-97b0-5052-97b8-e193027aeb4a", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f6c02be-b8e1-57f3-9124-0615b57b3efe", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f086c0d-ac3b-509a-af35-ed5d19c58cde", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f73dd140-e704-5e55-88c8-9783720bcf2d", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bfd01e1-7cae-543a-b9db-de647a95beba", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65c1dc95-4ae4-5b08-91ee-8f6cf783d2e5", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81f667a6-f736-50a3-80ea-71e1798646ce", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09d7573c-e256-59fb-bc7c-264e95cfe0d5", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af4f6f98-4661-5eb5-9739-aaf2172d6461", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11fb5206-1f51-572b-b351-23fcd96c0a22", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4d22aef-0856-5512-932d-4744d640507e", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd4a7a29-103b-527e-aba7-df8239c53a1b", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40c17bb0-1af4-5eec-a222-205ed2cb0a10", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-applications." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-applications@2.7.1.tuxcare.1" } ] }