{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5e7c4286-fd10-52c7-895b-45c9d2ccf6cc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-client", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dfd5529b-75d6-57a8-b250-0f78b02231e2", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cb96337-69ac-5fea-9b59-7fa221b594e6", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48ab7b0b-40d3-599d-acd6-3264de3ebea7", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c628401-28bb-5d37-a05f-642134dd87c5", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e5f0b08-45ef-5cdc-a67f-f01ba3981b9e", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29265dd9-029a-5e24-902f-150b86b12c25", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:276a170f-9b8c-5ec5-a542-73cb513d9ca0", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74ee16ee-31ae-5b99-843f-bbdaf3f7e611", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88ced097-12d6-5c73-8bb4-16823b74989e", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:835b6a1b-50c3-5e75-a54a-0b24886bd616", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7249ca5a-e795-5d15-8769-4fb7ec4a2ddb", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b258f6b-5fc1-5494-b910-5015266b1bd1", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc2bb7e6-4ec7-5f1b-a0bb-8fb9a7c06a48", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:848c589d-e5a4-550d-8fad-16eb9edcb83c", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b35ffcf-9681-5dc5-832b-70616ada9756", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c0a6562-a03e-51b2-b35a-f2c5d0130232", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f4c1819-90ee-53d7-b308-257f2c10ec9e", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1f0ca27-544f-5394-8e38-784c983e1c11", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.57.v20241219-tuxcare.2" } ] }