{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5e9adcc3-e100-5cf1-9eca-45349ca691d8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e1cefea4-b8c2-5776-a789-57d7d60c0de5", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6571bc07-19fc-5efa-9b49-f0adcc4567f0", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87778496-5727-5912-a785-474f20c22814", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c98d5a62-8602-54cf-96d5-63f00c2cf65b", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eac01946-4399-52a4-bc6a-635148bbdfa4", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62311e9c-eb49-5be9-b84c-5d6d2f254779", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2f8f765-9455-54ea-ba8d-88b5d8373b8d", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:418d06bd-3fe0-5f08-8334-242d8b02f7c6", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4ea5db8-a1f5-50ab-9822-4188b9ecfe92", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1809baa0-f02f-53f3-90ab-f4b56803c5a2", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f143c70e-f2ec-54d5-ab9a-d720cf65ced2", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4db94e72-596d-5881-b6c2-40e985aec3d2", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e5f9811-2c1e-5007-b94a-414593519253", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77ce4f67-0eac-5356-bfa3-3483b7f78f4e", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:614bd638-ad8a-5a95-a8e7-3a3f3dad9d11", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f66f675d-ef1f-5f49-8593-b38e1b51a5c2", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6c868e0-ce95-5eaf-a5ee-984509a60f66", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0140a7a-71ae-5212-b5a1-2786a94f85e0", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-yarn." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn@2.7.3.tuxcare.1" } ] }