{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:10cabe81-bcfd-5289-b0b4-6d3b53ed3248", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:49374ace-4b8c-55c2-a154-75529b262d64", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33017bb7-2052-52fc-ab41-c9167b8a7d52", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1fb05bd5-af0e-56d8-a142-a050c9c20328", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef18b02a-37f6-5075-9ee5-1670ed6362c8", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2b13cd6-0c30-50cb-90eb-6834a2c8c60f", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d853fa23-db42-57cc-8f35-ea5deb85f72e", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e174b912-4fa8-5fd4-90a7-4de511c412a6", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26fbb40a-5a73-5ec0-bd0d-835d6854ebed", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e1afa44-76be-5852-bf4b-c22dad4a305d", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc8629f5-45f7-5a62-92a4-c71e813945d9", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33039caa-1b82-5e16-8fb9-4ffdff2167e5", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2155cf1a-debd-5db8-8e1b-b1f5ad797f40", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a42d8d43-6857-51cc-b842-4928f0b2d581", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aeaa9eb3-de50-587b-969d-f5d033546f57", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a23ad57a-e1b7-56be-9abe-7e0ad7d0e358", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f67512d4-1698-54f7-b086-325d3bb07b66", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08e57a82-9ce3-5913-990f-11538d7a43a1", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8135ca14-9213-5ed4-8234-dae72e5d05c6", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd67f75b-feb6-56a2-a63a-86b0c52a4160", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e364d9e-33aa-51b4-8bbe-016b5fa40450", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8991df0-b481-5046-a5a3-a7b018d9ae8f", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.1.tuxcare.1" } ] }