{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b7df4872-7541-56ba-8049-05cfc54acf6f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.fcgi", "name": "fcgi-parent", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:af601e59-acc4-5fe0-bf42-9a9dc14cb11a", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae9bb739-1d11-59ff-ad84-a2cd78985bf2", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de0f6734-349c-587e-8714-876519cb80f0", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:827e6219-67f1-5d36-a439-b4ed4374da17", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1ef68b4-e68b-5740-8fc9-828a7c5514d6", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7ed8715-99dd-5c31-a758-f3c59faf4163", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7934549e-7955-57e6-8f28-c8769e1337d0", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6804215a-f356-5ae1-9572-6275c5135ea6", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7d8da2f-9ede-59d3-9e57-2c8a315e47d0", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc289b3c-cfc1-5647-8012-ccbbcc24472b", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47f0e382-9584-555b-be72-5d5bd4e92a9e", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f64c91fe-7284-556b-af85-383093f7730e", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f647e1bc-c0bf-5167-9ca2-089fa07f9cca", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c7c9a4c-02a9-5cdf-b829-e520ae8e882c", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80f1a938-2f3f-5672-ae3e-394ec50cf1cc", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f175a44-6dd0-5fb2-bae1-a5a581fc89d8", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:763c160a-bed6-58e8-b59b-2ebcf00a54b1", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74821138-c374-53f4-b7cd-41c1622ac55a", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.fcgi:fcgi-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.fcgi/fcgi-parent@9.4.57.v20241219-tuxcare.1" } ] }