{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:26c257a9-cbf9-579c-9df0-46c72659c673", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-server-common", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:74b4cc20-b1e2-570d-9733-484d753819da", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6654d94b-451e-5db7-85d5-1e66b0aa6966", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:570a3ee0-815d-53ea-81c8-2b7ff0fc58a4", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7221ba3a-4985-55bb-a990-de4f515911ed", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd891005-197a-5fdd-90f2-d5f60e79ba27", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67ed0026-863d-521c-b163-069812e7db02", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0fbd7c3-b858-5b5e-9995-584d5b9ea535", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57f52185-5410-5fb1-88d6-a44889532ca3", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51a4fdbd-350b-5882-beb3-117f58f0b979", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31ed9ae1-a136-5efe-afef-4a121a1cec9a", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:656dbb43-01db-515f-8af4-ed491cc988cd", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:369967a4-69fd-58c8-a051-9faf677228ac", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9f1837d-01d3-5df0-8cd5-c04b6966eeeb", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc365bde-8730-5992-afa1-2db45134a84a", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0000b6c9-07be-5b03-bfcc-3adb2a2b2ece", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90bd8fd7-2c08-5fbc-916e-27cbd9a8ebae", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd8d65f7-0888-50f2-9169-988626872c7d", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e59e9b1-c90f-5c80-9a22-32f9b7bf5fe6", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-common@2.7.3.tuxcare.1" } ] }