{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5c0240d9-f7c5-5648-a21e-25066e548114", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-registry", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c6b2adc1-8557-5096-a90a-60c650c23e4b", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2abb570-6787-527c-9289-84215baa36ec", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:885a4494-5806-509e-bf83-87bf94b422dc", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94b07d68-6343-5223-bb34-27611f2fc5eb", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa71b0be-f6de-5e74-9854-372267e38767", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09c182ca-41f7-5738-970f-5e81cdaf160a", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0203bd64-3c18-5091-ae9b-c07d61e7e3ef", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73953c97-fb3b-5e86-8e94-223c6d4e8f7f", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2fd459df-8ecb-53a9-af39-95338f1a384c", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:338fbe89-3e9f-59fd-9a7a-be3f8dd903f1", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87fff4e8-867d-5552-9ae4-4237841ede97", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c71bea01-d1fd-5e2e-a90b-39b88a899581", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:958c83de-813b-5990-b9e2-a6b8fae47bac", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af3134d1-6793-5cb0-8873-4897215960d1", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:520478df-c603-5255-b417-4c8b612f3f22", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5456b019-1f34-5efb-94a9-0c3b04265285", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a597c583-32b1-5b8a-baf5-21b12cc8b609", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb22f5fa-0d2b-58fc-aa29-10c127527cbe", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7066e684-a968-579d-b4da-610143e61661", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc707cc4-e8e3-55d0-8cfa-7bfb305538d1", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fedb5b4c-04fb-555a-9e66-c6553ab1c995", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.1.tuxcare.1" } ] }