{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9187a8b2-9e97-5ae0-84d3-f82e8180cbf8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-yarn-server-tests", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fa97de7b-371c-591f-972c-5e3b63275e9c", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a14d182e-4714-5f29-8121-0fa0e4e8a303", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5448ec38-4057-53b6-abb3-8a6a42b68e94", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1253e62-1787-52b6-bc0d-e192b3afb5a7", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f07c2553-ff59-5b7d-9181-8b7f5689644d", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:661fc3d9-61af-5467-98f6-24cbbd1dd6c6", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71db4e06-141a-5c9e-a61b-55d4668710ec", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:760465c4-9458-5583-81cd-ba4918bcdeb1", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9b16a86-c912-575c-9476-08c59eae2340", "id": "CVE-2018-11765", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2018-11765 does not affect version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests. 2.7.1 is not affected. The upstream Apache Hadoop security advisory (https://hadoop.apache.org/cve_list.html) explicitly scopes CVE-2018-11765 to 2.8.0\u20132.8.5, 2.9.0\u20132.9.2, and 3.0.0-alpha2\u20133.0.0, with fixes in 2.10.0 and 3.0.1. The 2.7.x branch is outside the affected range per the project's own advisory; NVD (https://nvd.nist.gov/vuln/detail/CVE-2018-11765) lists the same ranges. No backport needed." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c22f1aa-a069-5772-a7b9-09a1a294ae79", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a170e7f5-6dd2-5127-919a-d30fb5932a41", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:003bb85a-218b-54ae-a5c1-854144112fb7", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:711fc78d-ff3a-57f1-8e35-8ae110024faa", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0dd21111-c067-5461-816d-ab06edaed8db", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83009b21-31b1-5afb-9a4e-b102a0cc706d", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:772720b4-5b3a-5878-9304-85b7cd50b6e5", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2db9a5b2-554a-5fb4-acc5-539a2f08f79c", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc157d14-efb0-5302-9b07-85f125a4e64f", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1b58d46-1b4c-56d3-96e0-f0d7cfc89ae0", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:703a3439-3c4f-50eb-ad89-fa4bb97296ec", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d48274d6-1864-59e9-b173-989dd676e089", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-yarn-server-tests." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-yarn-server-tests@2.7.1.tuxcare.1" } ] }