{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3f7b3493-0ef7-5a44-a6d0-fbde66958618", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-server", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6c7609eb-c80b-592f-8c4d-4555f5809864", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6a14b67-3df0-5f96-a13a-94a7d80376ca", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35db75d0-f791-5786-8ea9-9a45251db1fb", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bd5311d-4594-51a8-8f79-8aeac8f5385a", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dab363b6-a3b8-5d7c-a3a3-bfecc066173e", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f6afa84-9536-5d35-ba26-d9c587e10941", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cee1e37-ac79-5abb-9488-0f1b2295da7c", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51389721-972c-5cb1-b475-a345f26f59c9", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80a2b25a-620f-5edb-bda5-4fc5f3eebcc2", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3484434f-fb41-55e8-a773-76c36ad9fc8c", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1266f4e-d9fa-5e59-a234-62f8ddac1856", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af00d575-fd42-5d49-bf0c-d4e83f8f8b2e", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07dabf61-5d1d-59c4-8096-06faab253a51", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8542972f-a0a8-5b0f-90d4-a24dcd83f471", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05a3c98a-f1cd-5a39-8ee5-1dc5513f2e4c", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:968c9e1e-7921-5a22-ba79-50167db0be66", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5ea78b5-d31d-50c2-8ade-b4de749c36ac", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:011e1e23-d4d8-5957-a963-0ec5798fb2fe", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server@2.7.3.tuxcare.1" } ] }