{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:95c41d3d-1965-5337-ad2e-67b592929300", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-registry", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e6261d6e-d5c7-56be-a530-764271b87b1d", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3e6ccd9-8e0e-56cf-9d21-d0e7bae70d40", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e37017d5-d8ee-5d8c-9af9-5bcf9aeb1112", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bb5b3cc-c401-5fbf-82e3-e9111f1e4322", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fbc49b9-7555-51f4-a31e-f9bad806b672", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bf8e984-80ce-586b-80e5-ff250dbc0904", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:948ec842-59b3-545d-8477-5cb16f11565e", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:785c8815-f90c-5cc7-9ce0-a790ff7b6b7d", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d101f59e-3c46-5b82-b5f1-12236c46649b", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cb7a3df-03ce-5468-9146-15042a1aa883", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37671396-2dab-5f33-800d-c037b17ec456", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4caae979-1efc-5843-ad50-48e0a7bdf9c0", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ebc3bc9-5269-568b-9e4c-122bcb254651", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2554c237-c371-5559-81ce-385eb049bea6", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:218d4e26-dc89-569d-800c-04e851300842", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ccbb856c-e4c4-5398-8973-2167dc366a2e", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c406341-3b81-578d-aff8-85b98ecc4a06", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8092d207-e1a5-53d6-ac9a-ba4194413d18", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-registry." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-registry@2.7.3.tuxcare.1" } ] }