{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bb191867-b7a9-55b1-abb1-c669f6af18bd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.fcgi", "name": "fcgi-client", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c4ac29c8-2099-5f50-8772-78c52c5bfba3", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2ffcc12-6189-5172-b9c0-596b3f56df94", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93fa64c9-7f82-5f41-8e4b-09e78be69404", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91a5e68e-ce32-5c72-baef-900692f9f960", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a80d310-1956-5b1a-84d6-a604159e1b83", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02753a43-75b5-50f2-a371-d6a0ac7b6d6d", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea5c5c38-2181-571f-9276-ea2d763d7309", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:799bf67f-e10c-5e4b-8c33-46ca1140d83e", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:447f1ee9-197f-57a4-bee7-1b12a345e7c0", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f1b72b7-d9bd-52c2-9c06-262306e9d98b", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:940ca3e4-e1c7-5525-9ccb-e7d1a61a4ec2", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b07dfe30-bd1f-5bd4-b52b-74f598b03a68", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f6adefa-8321-5064-a97e-df291f0014b2", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb76ce69-e9e5-542b-a408-643fe8c0327e", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:789cfd9f-4d8a-5dc2-82a2-044e3dc304a6", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53048db5-f285-509f-b9c8-93ebbc902c7e", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4437904-8ecd-5492-a804-810f48ef1ca5", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:663171f8-c5bf-5825-8cb0-aa9204bb7816", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-client@9.4.57.v20241219-tuxcare.1" } ] }