{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:537499bc-97e9-5cff-800c-71071d18dd28", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-hpack", "version": "9.4.48.v20220622-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9689fb24-0206-5de0-9289-bb620ef13046", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ea811c8-7880-5eb4-b60f-545a4b8ce00e", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffa41bda-b8ea-5774-9a98-0e3dba40ef90", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19140036-d4a9-5ffc-ac2a-b574fa63d40e", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0403a15-2286-5b5b-9b4c-95b44cb5037b", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79475255-58c0-5531-97bf-a8ba38507834", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:787d1a73-f5d3-50eb-b9a4-db25e7e5ae56", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fedddf8-a77a-5ca6-bddd-7837f6d9cf4e", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:665b7b0c-72ae-5b80-b439-2310e59f1653", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d77577d1-9d37-5ac7-8aa2-f220a9faeb10", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04d4a185-9cc3-518d-b263-c18d4425b316", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c171620-7c83-594e-b4cb-7920b8ef2041", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f623f3f-f5e0-5826-89e0-e89f23d6c55e", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6e8eec9-f766-50a7-a635-2299f115e771", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cba9ba9b-da55-54f2-9194-93ea0b3f213a", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8f1d836-cd49-5cb3-8f2d-64bea974c8b9", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eadd7980-5e9f-5300-9518-cd58fd9f0404", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4abd48e-7e1d-5229-a995-5c3fbd5b1bb6", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9dc1ea1e-16a4-5626-b771-2ef14938be14", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2715205-72bd-5ad6-855c-b5cf553cf902", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1ced61f-92b1-5f5c-a5ad-60cc1d9b0da6", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.2" } ] }