{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a00c9492-4066-5019-88ba-34e427ff810f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-service-description-swagger", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:248c2913-b268-58b7-83fb-cb659e3bb47f", "id": "CVE-2005-4838", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2005-4838 does not affect version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger. Patches already applied: f3932a9ab64689e354e9c36da95f001049fde13d (already in target via 6a984d1184f 'Adding a test for the service listing + private endpoints'); 576b9b55ff80b118bc16c33df755ae518ba5f13e (already in target via 1cf50e500c9 'Fixing issue with multiple forward slashes in services listing stylesheetPath')" }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a509571-6907-5875-82d6-1b1b88a2182b", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79b3dcf2-1505-5375-8549-0242e8bc6005", "id": "CVE-2007-1358", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2007-1358 does not affect version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger. All 1 patch commits already exist in target branch" }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31b849f9-57d4-5a63-9ea5-304d80e8165a", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:826f3120-10eb-57bc-ad1b-cff621573a27", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18778344-ed3c-50ed-915e-d6106930042b", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac4c4721-963a-5939-a9eb-6b143d1706b3", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:336fa3ff-f62d-5b4a-9f15-bf7b7fcfc982", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c079e96-bb04-584d-b4ca-edb83a2ca9b6", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:993d3d5a-6d73-5697-b8a3-0e61d53aa83b", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3cb70c0-0f70-5439-b75e-a93031910325", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9febd254-9a6d-5895-9fdc-c0b98aee4b6d", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a3b4bfc-ffc2-50a1-8a10-9ef03b29d67c", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fa026bc-58c5-50b5-b46b-a04c775a43e0", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1cf5cd07-0524-5d4c-8381-f6d84ee59c89", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:906c740e-8315-5440-a479-812d8611ed58", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7af41078-257c-52f1-8f08-1b74ff6442ca", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-swagger 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9092f090-f07c-53c1-b97a-ac4b475a7ed3", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fad8c99d-03bc-57ab-b79b-267a0792120a", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f840c20-ed82-50df-a922-996dda8db553", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c4179489-bcb1-5bf9-bbf4-8f4d52c99421", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b53ee995-aab6-5ef0-bcca-43b399b62184", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d1973b2-2509-5340-9edf-34bd815fdb9e", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce2f7831-65e4-54fd-b090-9c8f84799d28", "id": "CVE-2019-0226", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2019-0226 does not affect version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger. Version 3.5.9 is not vulnerable. Summary: The target Apache CXF repository (version 3.5.9) is NOT VULNERABLE. The path traversal vulnerability in filename handling was fixed in CXF 3.3.4 (September 2019) via FileUtils.stripPath() sanitization. The current version includes this fix." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f627985-d479-5192-9074-79bef8698b7c", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7cc74c2f-67ea-5488-8564-d87013ace0e7", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-swagger 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85742e92-d94b-5dbb-b030-d458027998ff", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4db3aec-0e7d-5231-8b7d-92c543b1a584", "id": "CVE-2022-22932", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22932 does not affect version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger. PP vuln-detector: target version is NOT vulnerable to this CVE (AIMAGIC-1135 triage; audited)." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7c009de0-fe72-59ac-bde3-b56ccef6c25e", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e20e6824-1ba3-54ff-940a-5df444406498", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-swagger 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5654998c-76bf-5119-b899-fb565c63faf9", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1553102c-f869-5685-ad57-7e73283f51e8", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7da2653f-ec9f-5986-9293-a6586ef5949f", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b5fb9ba-5d32-5a83-aabb-c8253bc3528c", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-swagger." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-swagger@3.5.9-tuxcare.3" } ] }