{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bb445ed1-e937-55be-984e-c1d8b7b60382", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-start", "version": "11.0.28-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:845e43b0-5737-5106-ad80-e2dc31583a49", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:997109dd-59de-5ec0-bdcb-dfab757b18bb", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:145ba143-1c21-595d-9c5c-3f72a2a2e353", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9dd36721-2df2-5772-9c87-ab101033569a", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e60e457-8e91-5e8e-bce0-a7275d1b67d0", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c72f3ae-5966-5606-bf2a-113195daa6ae", "id": "CVE-2025-5115", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-5115 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ca5fe21-17ab-54dd-a8a6-5ec1534b35a7", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ad05c3d-910e-5acb-b800-937fd432a2da", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:449c2561-0001-5518-aa6f-f74555868cf7", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-start." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-start@11.0.28-tuxcare.2" } ] }