{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:487688d7-4a4e-5664-8dfc-f6b5148b4e88", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-http2", "version": "4.1.112.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cc18750a-3896-5503-b630-f631a12610c2", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11feefb8-00e6-58b7-940e-315d492feedb", "id": "CVE-2025-24970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24970 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2446c5bb-dc92-5cf9-8301-dcce8fb80292", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c835936-6987-5ccd-bc53-c79900c1bd0a", "id": "CVE-2025-55163", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55163 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:671ecf55-beef-5ad0-96ae-80257c6c9406", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f49c7590-f588-5f21-ace5-8346a61823ed", "id": "CVE-2025-58057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58057 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:388ad1f1-2c43-5a8c-ac3f-36aca276763d", "id": "CVE-2025-59419", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59419 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9405461-10c5-519c-a103-f9ca979f21f1", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5482daac-fb63-59ae-beaf-644919002d57", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7f0e9f2-4f81-54da-a43b-ac6f6379aef7", "id": "CVE-2026-33871", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-33871 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7309af9b-d54f-57c6-a365-7282079ec61c", "id": "CVE-2026-41417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41417 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6131f03d-00d3-53a6-8ab4-1debdf376f7b", "id": "CVE-2026-42577", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42577 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4344a4aa-4056-56a7-9d71-0c87412699c8", "id": "CVE-2026-42578", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42578 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7131c910-7269-570f-81df-d82a5313b5f9", "id": "CVE-2026-42579", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42579 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0058ef9b-0841-53eb-a5c7-a36dcf744c98", "id": "CVE-2026-42580", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42580 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7852c8c-4ec1-551d-b689-e75f77804cfe", "id": "CVE-2026-42581", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42581 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9faea4a4-e479-57ac-882c-e20fd27143bc", "id": "CVE-2026-42584", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42584 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4153951e-6d2c-5f66-a05a-b68d8759f845", "id": "CVE-2026-42585", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42585 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a789c466-52da-5df5-857e-b0e97ffd43fc", "id": "CVE-2026-42586", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42586 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87023643-b24f-582e-8179-78fd6a025d29", "id": "CVE-2026-42587", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42587 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5b86e39-d235-593e-b2d3-adfb35838669", "id": "CVE-2026-44248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44248 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:501143b4-1a7d-5210-93a9-b19b130604af", "id": "CVE-2026-44249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44249 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e67f01e7-a9ac-595c-b468-b62fe93c8ef1", "id": "CVE-2026-44250", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44250 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:032a110e-8393-529c-8c93-cbda74e0da9a", "id": "CVE-2026-44890", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44890 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:deb3a07e-73df-5651-9d17-1f9a243f9ff6", "id": "CVE-2026-44893", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44893 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ac0e5ac-f488-5926-a934-0442b80638fa", "id": "CVE-2026-45416", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45416 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0e442ce-5bc4-51d8-9c76-01be21b3678d", "id": "CVE-2026-45536", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45536 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8b48d3e-1df4-550a-91a2-49ecff734a90", "id": "CVE-2026-45673", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45673 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfcd0b16-cb93-56f3-942a-0c547b9ee568", "id": "CVE-2026-45674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45674 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0780041c-c3e5-52e5-8f27-339a0b23ac60", "id": "CVE-2026-46340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46340 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:067e1ca9-6120-5208-9c55-3b7c19af9ab8", "id": "CVE-2026-47244", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47244 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a96fc6f5-0fe1-50fc-83c7-faba5f888b5d", "id": "CVE-2026-47691", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47691 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:083a083a-53f3-52ae-ba13-c91060c26f13", "id": "CVE-2026-48006", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48006 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aaa9d958-405a-5006-b9ee-b21358bb3f4a", "id": "CVE-2026-48043", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48043 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f025644-6f7e-51b7-a6f8-4bbe230050d5", "id": "CVE-2026-48059", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48059 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }