{"@context":"https://spdx.org/rdf/3.0.1/spdx-context.jsonld","@graph":[{"type":"CreationInfo","@id":"_:CreationInfo0","created":"2024-09-26T21:31:12Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"CreationInfo","@id":"_:CreationInfo1","created":"2011-04-05T23:00:00Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"Organization","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"OpenEmbedded"},{"type":"Tool","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"oe-spdx-creator 1.0"},{"type":"SpdxDocument","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/document/package-busybox","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/doc/busybox/package-busybox/busybox/UNIHASH/document/package-busybox","https://rdf.openembedded.org/spdx/3.0/link-name":"af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63"}],"name":"package-busybox","profileConformance":["build","core","security","simpleLicensing","software"],"rootElement":["http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox"]},{"type":"software_Package","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox","creationInfo":"_:CreationInfo0","description":"BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides minimalist replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. BusyBox provides a fairly complete POSIX environment for any small or embedded system.","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/package/busybox"}],"externalIdentifier":[{"type":"ExternalIdentifier","externalIdentifierType":"cpe23","identifier":"cpe:2.3:*:*:busybox:1.37.0:*:*:*:*:*:*:*"}],"name":"busybox","summary":"Tiny versions of many common UNIX utilities in a single small executable","software_primaryPurpose":"install","software_homePage":"https://www.busybox.net","software_packageVersion":"1.37.0"},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox/file/1","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/package/busybox/file/1"}],"name":"etc/busybox.links.nosuid","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"b6aceecf46abd76003f6b2d189e82487a1ce3d3cdc00e8e1b00588312811cb7f"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox/file/2","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/package/busybox/file/2"}],"name":"etc/busybox.links.suid","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"654a3e3f88ac3232b78645ff5a53fda8aaf0d523ccfecbf2133226fd4ffd4a6b"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox/file/3","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/package/busybox/file/3"}],"name":"usr/bin/busybox.nosuid","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"21c640b6c4890889c4e50da11339889cfa7a50ef494db2f974c1b1724387af6f"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox/file/4","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/package/busybox/file/4"}],"name":"usr/bin/busybox.suid","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"7a2b6e80c233100cf76938928d24455c8d67ec60efe58eed09fd5530cca2644b"}]},{"type":"LifecycleScopedRelationship","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/relationship/44ca60561ff1079dba3de8a6e38d0f67","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/relationship/44ca60561ff1079dba3de8a6e38d0f67"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/build/recipe","relationshipType":"hasOutput","to":["http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox"],"scope":"build"},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/relationship/89c15ac1ed1616ec622d0078ad82da70","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/relationship/89c15ac1ed1616ec622d0078ad82da70"}],"from":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox","relationshipType":"contains","to":["http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox/file/1","http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox/file/2","http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox/file/3","http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox/file/4"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/relationship/9a1d8d261d47116aee107173b003a2f6","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/relationship/9a1d8d261d47116aee107173b003a2f6"}],"from":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox","relationshipType":"hasAssociatedVulnerability","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/vulnerability/CVE-2022-28391","http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/vulnerability/CVE-2023-39810","http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/vulnerability/CVE-2025-46394","http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/vulnerability/CVE-2025-60876"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/relationship/fdea048aac6a1fccf8b28119cc2474cb","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/relationship/fdea048aac6a1fccf8b28119cc2474cb"}],"from":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox","relationshipType":"hasDeclaredLicense","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/license/3_27_0/GPL-2_0-only_AND_bzip2-1_0_6"]},{"type":"security_VexFixedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/vex-fixed/616c9246161ee668136a446c6bed0402","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/vex-fixed/616c9246161ee668136a446c6bed0402"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/vulnerability/CVE-2025-60876","relationshipType":"fixedIn","to":["http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox"],"security_vexVersion":"1.0.0"},{"type":"security_VexFixedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/vex-fixed/89913a783fd21b5861cf7bcf28d60bfc","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/vex-fixed/89913a783fd21b5861cf7bcf28d60bfc"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/vulnerability/CVE-2022-28391","relationshipType":"fixedIn","to":["http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox"],"security_vexVersion":"1.0.0"},{"type":"security_VexFixedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/vex-fixed/a2578a9032c0398d0b246a390daa35b9","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/vex-fixed/a2578a9032c0398d0b246a390daa35b9"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/vulnerability/CVE-2023-39810","relationshipType":"fixedIn","to":["http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox"],"security_vexVersion":"1.0.0"},{"type":"security_VexFixedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/vex-fixed/d60d36f84521573008c6fe7e05a6ba67","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/af2a129ef3764657f93ba3b7418902bc0d4bda93751fce0313364eb5fa30ff63/busybox/UNIHASH/vex-fixed/d60d36f84521573008c6fe7e05a6ba67"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8a02cf4130b79d0044bfb62b2e8adb03d1c4b38152c2e208ce7c08a1207e87f4/busybox/UNIHASH/vulnerability/CVE-2025-46394","relationshipType":"fixedIn","to":["http://spdx.org/spdxdocs/busybox-88c2f534-0ecc-55ec-b418-e44fadbec098/c2317208b6580971d9cb5dae4c8b63f612f8065c347fd394c125f0da43fbaf65/package/busybox"],"security_vexVersion":"1.0.0"}]}