{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fe25ad6f-a09b-582a-95b3-907e72882dea", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-http-client-transport", "version": "9.4.53.v20231009-tuxcare.4", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e982b4b2-639e-52ab-b7b4-5553075c8095", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2409374-234b-5d3e-bc4c-f5096acf75a5", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:470cb7ce-66e7-5b36-aede-920d5c79484c", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab780cab-91a8-5205-97f3-53ac8a117a8f", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8fdbe765-17d1-5154-a354-f4e4327ecb3c", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4cc44ed5-1018-5b23-93ba-977b3faa250a", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:21fd1358-63c9-5cc1-9755-b5a53ec257db", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5386dd10-18c0-52e4-95bc-da64a0dfd894", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b28aeba2-abad-51d1-972f-78a433dd7d9d", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a24f08c7-ff9e-5465-a439-f0e14ff22820", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5533c22b-2016-5be4-8eca-2c8cf1e85f55", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2bc42355-47d7-5d01-b4ed-a817fa0e075e", "id": "CVE-2024-6763", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6763 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f8af7bf-8ec9-55bf-af2c-0c373bbcdb6e", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5ba2b4c-3aaf-5643-a450-8aa3e9cbaf00", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:077e6aac-7735-57db-9f50-ee05ab4080f6", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c69cb34-c59a-5330-9352-b70357ffc342", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b6add373-b254-5246-bbb9-c70b7859e502", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5970c401-7c35-594f-a184-dee294023f6b", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9d178d9-c83f-5006-b6af-ddd5ed172d69", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d89c7323-2465-5759-89b8-71921054e181", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.4" } ] }