{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e9d2560f-987d-598e-a7ee-c2616e01ffb3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1", "type": "library", "group": "org.apache.hive", "name": "spark-client", "version": "2.3.9.tuxcare.1", "purl": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ffe2248c-1c77-561d-b51d-d3df11e14e57", "id": "CVE-2020-13949", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-13949 is fixed in version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:050dceb8-8c8c-5ce6-a547-ac7fad662a50", "id": "CVE-2021-34538", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-34538 is fixed in version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c18d9ac-8587-5dea-95cd-f393ff200c40", "id": "CVE-2024-23945", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23945 affects version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e72c9a7-297a-5eca-9ec2-bed08fa125e7", "id": "CVE-2024-23953", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23953 affects version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e889a30-aafc-5bda-ab8a-e67507472a0d", "id": "CVE-2024-29869", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29869 affects version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a8a825f-d907-5e5c-97a2-0b5e786af348", "id": "CVE-2024-45384", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45384 affects version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7f2998c-e0af-51f0-af77-bcd2dcc52467", "id": "CVE-2024-45537", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45537 affects version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cabbc79-992a-5403-b1d0-9970cc723030", "id": "CVE-2025-27888", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27888 affects version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d7bead8-3f42-536e-bebc-22e052d3f971", "id": "CVE-2025-59390", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59390 affects version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e1c643f-ae90-5d20-98d4-a6b837b8885b", "id": "CVE-2026-23906", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-23906 affects version 2.3.9.tuxcare.1 of org.apache.hive:spark-client." }, "affects": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hive/spark-client@2.3.9.tuxcare.1" } ] }