{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:60a9c3b3-75d4-502c-84fa-6c30858454db", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-client", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e03c2165-3c28-51fb-990b-1d9e42ab0744", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9900b2a7-0dac-54ad-960a-493265d1ebbe", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cdebe087-0d5b-56fc-a340-beb44ba223dc", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18f63ca5-d6b5-5700-9c0a-df81c5cac641", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a33cc96b-3c8a-59f8-87cc-bb9331f242ef", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:647ce1a5-2fe9-5599-a3d6-3584ef0d07bb", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:514e6c3f-5ffc-57ad-8393-0c0854813df8", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36433e32-4f64-5936-a70b-4191eae360cf", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3905a81b-a787-5c3e-8c42-2cc569b37f6c", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe07cb72-e9b3-55e1-b4bf-466cdf10ff4b", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c5f2df9-02bb-54c9-b478-8da59cf10ee7", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7208384-016c-527b-8810-a93d85a4aeac", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aee55642-20ea-5368-9c4f-8c137c454df7", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e957a9d-0062-5b47-94ce-74d50c5924a2", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74219d30-1485-5101-bfd3-b1690026eb0c", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a087724-36c4-5e76-8816-499f261c505e", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e101ddaf-02b5-5246-ab78-f07c6f76cf4d", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d0780b0-8760-509c-ad8a-8b3e091f7945", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.3.tuxcare.1" } ] }