{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c07f3a1e-0eb6-50e5-a8e5-10a4d93b99ef", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-common", "version": "9.4.53.v20231009-tuxcare.4", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:341c53e1-e9a1-5954-9132-937e5b86339e", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a6353646-9a30-5f34-8cec-cf62a4691189", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b4e77e63-5272-5b9e-adab-5bdf976fcc66", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0ab4cace-5bfc-531f-a84d-52dbef065abf", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:daa22ab6-7e5c-50dc-b202-e3ba719144da", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d649492-d254-5d14-ba59-96b49636a381", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5302b53f-36b1-5728-80df-9922175ca780", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20d7e416-3af7-5ba3-8b63-6701acfd59a6", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dee9f7ba-67bb-58a8-b704-129824a0f8e2", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:edf98d66-e2dc-5034-a311-3263dad74522", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea1d4d3f-45d4-5512-b8c2-835f5be68dbb", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:037d1ea0-b336-5c85-8321-ac6f7de04cb7", "id": "CVE-2024-6763", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6763 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd5aaffb-06a4-51a9-a48c-63a9b8b64e58", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5052d47-e0fa-5d74-9555-53e041a77a0d", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:29f6bb68-945c-5176-a492-84a1e36e242c", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df850cc6-5590-5269-960b-cf573e12fcd7", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:827c628c-9ab3-52ea-8d4b-89f62ce73752", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71cbc2d6-fd52-593a-b54d-d4d8b014d26c", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ced6b4f1-8cb4-57e8-89c7-4feacdc92457", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1522ab3-684a-57cc-9cb1-c3e355b90e12", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.4" } ] }