{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7daa0034-0e00-5938-9ce2-813dd911570e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-common", "version": "10.0.26-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:642b40dc-e3b2-5869-bd1b-106a4b3504b7", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7acff95d-bd40-50a8-bc8a-9484f2b3de97", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e703841-99fa-5761-8906-88c0762987a6", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9bef454-fede-5e5e-92e7-9628aaba5169", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21cf418a-c29e-5e16-8041-6841dc3e8b72", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9550ea8b-6759-591c-b08a-eedcad43b037", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41e66f93-bb48-5759-a8b8-79728babfaf4", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d442b871-d970-56f5-b5e5-6a0e88011c47", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:702e2e7c-bf68-5889-9f7c-ea80bd0be873", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fed1672a-c800-53cb-b05b-09c76ba988b4", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a25385a-5a5b-58ca-a5ea-90ef18425cce", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c6b4edd-e0b2-59e5-b391-cec31890bb7e", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c26502e6-79bb-5398-8109-d59f23acd13c", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50b03a93-ca3f-50c3-a083-ac8158c9aa93", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efd2e04c-8210-562d-b9be-43601f68e21d", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e07e58ed-9824-555d-9273-de88619b70ab", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6075b85f-3867-5c46-a510-aefae2a9b0a1", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95c6da79-c5b7-51b0-9432-da2694c66170", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@10.0.26-tuxcare.1" } ] }