{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:be18fa74-7051-57fc-bfc2-c08bcce0420a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-common", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5b697b8d-8a68-5c73-95a3-4da44b494cdb", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf5426f4-8693-5d05-81f9-348d28707e25", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:221fabc8-62cf-5926-926a-23bdfc424852", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:133934b3-2c61-510a-8a0c-38fc17c61e43", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2604443e-9eb6-50a5-9e1b-f148d31d4249", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47164d2b-580a-50f0-9f29-42e6c7b86f50", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3de301df-e6bd-5b18-b01b-d2da4013ab60", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10fca150-382d-5cca-8ba6-b37670a7a5d3", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e7a4f11-41cc-5fd8-aff1-d124073075c3", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:276b71b8-3f12-56eb-b1bc-f7457c263f33", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aeb3fdc3-6a04-53bc-bb3a-83b6554c9583", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cae01d4a-7829-5189-b408-cb34e4e805c1", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abe539c9-4168-50c6-8a02-8d8cfd72f18d", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f96f5b03-f9f1-515a-944c-7b996abbb56d", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0d6af59-1a96-59b8-9f62-215179c481ba", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b06f244-8654-5721-833a-23b2a608895f", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6422107c-b80b-5717-a268-290a89feaa0c", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06e179b7-0451-54dd-8412-8a5b6a43cfba", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.3.tuxcare.1" } ] }