{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cf81ca70-7253-51e6-8f54-962a52219509", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-project", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:204c0f40-44f8-549d-a74e-447c796300f7", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:119337f4-1980-50ca-b96e-5d2928fa6a6b", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12e42e5a-d929-5021-a6df-6f6c9fe93100", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:feebda31-fdaf-5685-9948-6e6ac30f226a", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d876684c-e669-5c4b-82fb-4fa20452d39d", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c5f92db-ab48-5532-bc63-c510c03a26be", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de943243-e834-5803-8ae5-09ac69314de4", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b296453-8ed8-5616-b34d-59430527f4f0", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb1f9c3b-6688-568b-bbc5-91d864bfbec8", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6772e603-4b64-5c1f-89f2-e816b39efcc1", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10c414d4-0ee1-5126-b8bb-a0619eff0616", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e933a65-fbb2-5af2-b4f6-8a9d0f53e0a3", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07838012-c09b-55d0-a7ac-d11ac5caa0a8", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7799abcb-9dc5-576c-9c1d-ef58bd1b4fe0", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60690942-2243-5ab7-ace0-c5ef8181a07b", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f1ec6b8-a411-57f9-a50f-f30b6b4330b0", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e98438bf-83df-5a54-b3f9-f03a649e86c7", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2c75634-2a69-5ff4-9eb2-826f2293e39d", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-project." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-project@2.7.3.tuxcare.1" } ] }