{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9ed76fef-abcb-5ebb-8dbf-b8524f6c9950", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-hpack", "version": "9.4.48.v20220622-tuxcare.3", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3c11ebbd-2db8-58a2-9b78-ca57454677eb", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0a2b12a-1f38-5490-9160-9cbd1642f373", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8b483e5-8c56-53a4-85aa-89fb2710a623", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ceea2c7-45d2-5740-9d44-afe06b2a2dd3", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d47b626a-dae7-58ed-a697-5b6f4622e9ee", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05af2a6b-3501-55a4-b5db-45801ff9e5a6", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1627fb57-a3f8-5237-a2ac-8630b93fb21d", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5cc5ec5a-80c6-5b94-9e30-dcf340dcf3dc", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:654b0fab-0b4f-55b9-9a2f-beecbc0dd1af", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb287b62-426e-5cd0-8e2a-fdfe7ead03f5", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f7b8de84-7dea-5e66-8c96-7dea6b00a2d3", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aaa3ee48-7849-5c92-94f9-531872441e80", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54a2ddde-cb06-59cc-a1e5-4c09fc9e8d42", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1670c43-bed5-506c-87d3-4cb1fabdc3b9", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee016292-c90c-580c-9175-40e72b63b8bd", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae672ec0-4237-52b1-b750-ff7c20915466", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f95cae47-4b11-58a3-89ca-3dc51a9526fa", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:260e91ae-7734-5dfc-81c1-8fb432d66e13", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bfb11572-1044-5a91-8ed8-21887da04767", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d952b0c-f3bd-5384-85cd-3e6225d35936", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0a29770-80e6-5d2c-a3ce-e8ac1bb6186b", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.3" } ] }