{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8819e35e-c0db-5e9b-9489-7394846bd8d4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-server", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b20c8f20-e757-5a9d-b40b-17f375156f0b", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c6c2dea-753c-554c-a8cb-5591be445fab", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee3dfa23-dfc0-5aba-96b1-b7371c8177e0", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13d8d93c-bec4-5901-8d2e-39743710127d", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64db0401-b3f1-5a34-893a-3e0baa11456a", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab69f1fd-5925-5ec2-8ecc-067ecb5b5458", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd5d910d-21f8-52df-8c7a-dcc7f379357e", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3734d6e-6f5e-5a43-ac6c-8cf237de505c", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2330cc2e-1371-5e2a-ae8e-ebe90d8161e9", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec1889ae-e46f-5408-8060-c41a6a89e853", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c16371f-8473-58d3-9549-82c72287e5b8", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83c259f6-0262-5116-bd8b-7409f203263b", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1b8c5a8-931f-5732-b375-694c34399f5b", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fbb2400-7ced-5b99-b9e3-62a74cdd14ec", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07c12fab-fcf7-5f78-a420-d4d61b90d25e", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df020c9b-3111-50c8-b2e6-4d18aa851efe", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5fbe3c77-4442-5107-bf66-fb81381ac84b", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d8a109c-2e13-5a9a-b7ef-7f99fa2ace2a", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c6b541b-fff4-5f8f-a427-689c73d5d671", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f99b8cc1-3953-519e-ab95-927184e5c8d5", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbeda83c-4037-5f68-969a-190450d3da6e", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.1.tuxcare.1" } ] }