{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:10dd7e71-3735-5ef4-9479-8ffe70281264", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-parent", "version": "11.0.28-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:05f068b0-91e8-5c4e-aa0e-a1edc56a09b7", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f179e93-7ed0-5359-8ae7-1a10273c1f43", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20149b5f-3e01-533d-9023-66c28bb6f590", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7bcdfc4a-93e6-518a-b0f5-e6901ceac99e", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4f4fa5f-cf60-5d06-9ed0-a64e6d9b4ea7", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d560b10-4018-5b9d-967e-3c2208481e32", "id": "CVE-2025-5115", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-5115 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34d66603-8b2a-57b2-8119-6124289d4b45", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70283237-9f3b-504a-94b4-bf505bacc380", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40f9e845-77db-5d25-a3cf-e7da87550a4d", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-alpn-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-parent@11.0.28-tuxcare.2" } ] }