{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:66a17202-2abe-540e-83b5-feabba5004c9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-project", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8ae40009-5fae-5f8b-b488-acc3f31543ed", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:010e28a8-8c97-553b-b71a-51398292c747", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cda40c4d-2d91-5b43-b416-df8b6ee9a54d", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63bb0475-d2be-506e-96c2-642a7d4b85b8", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86424c6f-6963-54af-a970-796c52062523", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:897269aa-1317-5fe6-806e-87b3e1086b26", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44c1be14-0295-5eb2-b0aa-bafe3ba7d220", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:999c2f20-b2d4-5597-8ea6-7191e4058e29", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:740e0de5-aad1-5806-8fc7-654c224c6428", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b599997-b4a9-591c-9592-35501c4fdbf1", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dcb08be4-8def-55ea-b368-94c6aa7b5b67", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92d062ff-13ba-58c3-bd9d-c7bb2c31c459", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e03ae50d-c992-5d2e-af9d-a8543b2a3282", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92d51e97-b66a-5a1d-82e3-9470bedd674b", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b68bd6e1-9fff-5237-bbf9-5281ce26353b", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71c21d88-4199-5b34-b6cf-8b1905a317cd", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ac44b10-ef8d-51d4-b8a3-36214ca45c5a", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c158c2c5-85ec-5a14-8214-a7714a6df923", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14b233d6-feb4-55a5-889b-bb3c68600221", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03219c4b-0b54-57c1-bba1-8399a3e32a13", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4c3a2c0-9a1d-5248-8a59-cb5aca9d5f85", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.1.tuxcare.1" } ] }