{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4d70d511-9833-5341-8203-765a3b75974b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-client", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:83bab3a1-f78c-511c-b9a6-730150b7e530", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2efdbd9-b161-5f9c-b3cc-9eeb0b552151", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7212b10-bcb1-54f0-bdea-f075adaca6c9", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4706c9cb-29a7-5ca8-bef6-f4af178c9cdd", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41cf8150-f729-5b09-baa4-189d7f2258d7", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4058fdb6-3168-567c-bebb-df04ce138651", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ede82a3-0869-5be4-97b6-ac753a09802a", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be6b2254-dfb2-5578-90d5-8d318706d32c", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ca9335e-83a6-5350-ba38-0437fcbbf4d3", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d99700b-e27d-5c43-b53a-3bda119b646a", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e848faca-cb07-55e9-a6ce-0b0c5c2c90ca", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:851aec95-ab52-59dd-8e46-a1d2f12db16e", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1df2610b-854c-5c23-b4da-dc43ad5eefbb", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c43b6171-6df7-5ebf-a881-9ae0034ae753", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98fbf246-0798-5e4e-9cf9-f2a0522df0cd", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6d58c16-b16f-5e7f-afd1-9e40d9b1f316", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2eeb4ed-de34-5296-aea4-b56d8adfea57", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9949eff9-88f7-5e2c-b217-d8eca5ae9321", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8654a1be-323d-50dc-a708-516c7713f124", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e66f1055-3a68-5669-8e27-cf80ced7374c", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62281cb2-c32d-5061-a29d-797ff7e70c2d", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1.tuxcare.1" } ] }