{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3457119f-b5b9-5661-ac51-130ede18572d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4", "type": "library", "group": "io.netty", "name": "netty-codec-http2", "version": "4.1.112.Final-tuxcare.4", "purl": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d945fdf2-f8f6-5b66-bc62-a4f81433ac77", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0287d299-d44f-5a90-8eca-605d0679908d", "id": "CVE-2025-24970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24970 is fixed in version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:70513b00-6c8e-5c5d-b113-d27668d7d34e", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ef37db6-e01f-5bed-a96c-1aa6e5893f23", "id": "CVE-2025-55163", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55163 is fixed in version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cac48f90-c58f-5368-8291-a95b0bd43958", "id": "CVE-2025-58056", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58056 is fixed in version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea3fb0bc-5d41-582f-b19b-34db0b2b8a2f", "id": "CVE-2025-58057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58057 is fixed in version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6705d34-353c-5258-9843-01de26bfe049", "id": "CVE-2025-59419", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59419 is fixed in version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0df925b0-3267-566e-831e-d45fd6f8d93f", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca22a709-684c-5e1b-9fda-026bb95a2939", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f82783b-d54c-5d50-8a5f-10f6b5e0dd7f", "id": "CVE-2026-33871", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-33871 is fixed in version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:021cd307-4fde-53a4-953f-92245e57d15f", "id": "CVE-2026-41417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41417 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:82bc89a6-fc37-5fd8-8bfe-875058c54038", "id": "CVE-2026-42577", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42577 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d40395e5-18b4-5be6-a205-8eb99c418931", "id": "CVE-2026-42578", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42578 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13044c89-dfba-5fba-b5d2-58b7a0093b4b", "id": "CVE-2026-42579", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-42579 is fixed in version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de56996e-5001-5f63-bae1-0ff34b6a0946", "id": "CVE-2026-42580", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42580 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f80a550-96f0-5bae-aa09-39a93ea4d158", "id": "CVE-2026-42581", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42581 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e71cc3d-2857-5cc5-b87a-4cc51fc2e19e", "id": "CVE-2026-42584", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42584 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a315e67f-1e9a-5b83-9648-dbc579ffddea", "id": "CVE-2026-42585", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42585 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9436961-4934-5a6d-b463-f20dc411871e", "id": "CVE-2026-42586", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42586 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1ba16e98-fc13-58d7-8f0e-922592d550a7", "id": "CVE-2026-42587", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42587 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5daebd7e-c0c0-51fa-af8e-05419ee132d1", "id": "CVE-2026-44248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44248 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9c19245-160f-5076-986f-8d11bd0d8a78", "id": "CVE-2026-44249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44249 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e648052-7efa-539e-a71c-a4113cc11450", "id": "CVE-2026-44250", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44250 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a04f4c9-164b-5ef5-9402-cbce0c1973bb", "id": "CVE-2026-44890", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44890 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9513bde-04e6-5134-865d-2e843a8cbec9", "id": "CVE-2026-44893", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44893 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:426b2837-287a-5ea8-8d34-e079f7c82935", "id": "CVE-2026-45416", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45416 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8e5c12a-2e56-5383-aa88-78ff285b9032", "id": "CVE-2026-45536", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45536 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb5c5fa4-931d-5f74-99cf-66d9bffa4d3f", "id": "CVE-2026-45673", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45673 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1cf8d4bf-950e-5411-8adb-d9b32c1810fa", "id": "CVE-2026-45674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45674 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:86ae984c-97fa-53a7-b940-173934b88f55", "id": "CVE-2026-46340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46340 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9ceb4a0a-48d8-5be0-9be6-c905b11fb5f3", "id": "CVE-2026-47244", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47244 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a773d556-6d1d-5f55-aa8b-bff6cd20d2d9", "id": "CVE-2026-47691", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47691 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:040f5690-60cb-5933-b6e8-36e7e280a2f4", "id": "CVE-2026-48006", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48006 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e23a4533-1489-50c4-ab6b-629209b5963e", "id": "CVE-2026-48043", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48043 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c19c52c-7385-55fb-81c6-bbc60b3e206c", "id": "CVE-2026-48059", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48059 affects version 4.1.112.Final-tuxcare.4 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.4" } ] }