{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:71b89350-711e-564c-8d16-b1eb3b345266", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-common", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f5646f49-2cf4-5209-a658-166a70ceaf03", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43b7ad4c-7e21-5a86-8b8c-700fbbb233dd", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf197309-7acc-5e36-978b-01ab869dfd93", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d56e664-dbfb-55de-be53-32ad893c52a2", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5d549ed-c936-5ffd-82cd-edbdbd4596a4", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa53b756-a9c0-5b77-aeb9-44333bdddbb1", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5dda14b-e29c-554f-ba17-c411b407a6bd", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17062a77-8610-5938-b854-b7d9026b5ace", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4032dc15-9856-5920-a3ee-21849c9c8c45", "id": "CVE-2018-11765", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2018-11765 does not affect version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common. 2.7.1 is not affected. The upstream Apache Hadoop security advisory (https://hadoop.apache.org/cve_list.html) explicitly scopes CVE-2018-11765 to 2.8.0\u20132.8.5, 2.9.0\u20132.9.2, and 3.0.0-alpha2\u20133.0.0, with fixes in 2.10.0 and 3.0.1. The 2.7.x branch is outside the affected range per the project's own advisory; NVD (https://nvd.nist.gov/vuln/detail/CVE-2018-11765) lists the same ranges. No backport needed." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91477dd3-d594-59d4-9378-a94cea762952", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06676a39-45d2-5d42-b1ba-ec30027318c4", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7713eb1-e718-510a-8ba7-116a328bcf7f", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1dd94b7-763b-52c5-a5aa-14581c733c7e", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9de09e99-f655-5eab-9a0f-0db2d13a558d", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d51a3c5b-ba65-59ab-8027-0f4b9dc27f25", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06a8614e-c7ef-5486-a866-7e6e06e9b905", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98c2b698-cb58-5deb-9029-9e45394fe94b", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8907f0fe-b16f-5b32-8bd6-8418119fff5a", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c48bb107-7de9-5c46-b97f-bbe982fdbf55", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86d6bdca-2e2c-57e0-bf11-aa49fca60d85", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc81e690-1a9b-5453-89a5-7f44593e66f4", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-common." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1.tuxcare.1" } ] }