{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:34afaa99-637d-5010-8216-54d6135980c7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-hpack", "version": "9.4.58.v20250814-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b6246e04-b6a8-578e-bf00-5be3c89a9879", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de7ca3dd-d602-540a-88a6-e003ac0c7477", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c325dbe-79bb-5569-82a1-6625e5cc8fb5", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:493e4bd1-1f7c-5588-9580-628e86a0e612", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:036764e9-78ed-5b72-a18e-8edb198149cc", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b9af90c-5037-53a8-9bf4-2e44306bd2df", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6479c2bd-82c6-556f-9fb2-7e63efdb03a4", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b1e70cb-7886-5948-86b7-554f2c8f22cd", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4212704a-da95-537a-b504-fc8194fce85a", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b34f3e93-1e50-5661-be80-2f7e5b7a7a38", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42a57c18-6d7e-51f2-ac85-93f4484d6040", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bd68edf-6ed9-56cc-873a-0d855dc3ed3e", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f099a683-763d-59e8-9efa-a8577646d8ca", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c95ba93d-8894-559e-9d15-25448ae5917d", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e05ce58a-51a5-5a9a-95cc-aedda46d2f20", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8abf8cb1-5e16-5dbb-8530-e8dd765e212c", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22df469f-0138-561d-ace0-69ee0cede7e7", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.58.v20250814-tuxcare.1" } ] }