{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8cc81e1c-4e98-5e66-8307-79e5112ae6f3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-http", "version": "9.4.50.v20221201-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:262e9793-903d-5b78-9d47-83602c02fcc1", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:873c7544-ec2e-59e2-bcd4-76fac6313ba3", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:466ca154-508a-59d2-bb64-8b47adef866b", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae35e3dd-9b7d-51ab-9fe7-340491d01309", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bbd8531-56bc-5a22-8712-2e7f6daa73b3", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:861c9174-8440-5e0d-a89c-b031c71f5462", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fe7d2ce-725c-5932-a34b-6ba4c6ebf333", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f3e2485-4148-5243-8a7f-72054d98f75c", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06694015-f12b-5f07-a641-f131b85a54a6", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14eeeae6-a5a5-5592-a18c-7ba2142b7193", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99fda5e8-88cd-5fa7-b8b7-05a984feb62e", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11548889-ccfe-54e5-9c89-74115f45bac9", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5214017d-fe6d-5b9b-a6a7-07892d122bdb", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c745eb6f-381f-58c1-82d8-fcade0f212d4", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ed3e3ac-6a5a-5602-937f-818e6475504a", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98eb7645-5756-5d29-ab42-604cb96ebf89", "id": "CVE-2024-8184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-8184 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5e2a7be-7122-5e76-b088-1dd53053d8f4", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4260a7ef-c789-51d7-9532-a7c75546e35c", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:679535e6-cff1-5a5b-80f6-805a81ba3658", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17318abe-d305-573d-aa82-f1e310b6482b", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85e1df84-bc75-5479-b84a-fd58b80a751e", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14c23b73-a1bd-5ab3-9a76-c1946c0f62b8", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29da36ac-3189-5c69-a99b-ae7f263a1001", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.50.v20221201-tuxcare.1" } ] }