{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:554e66f9-0e36-5e6e-920d-4032856c5786", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-parent", "version": "10.0.26-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4f8f244a-9664-5aaa-95ab-a014bca0955a", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8583d959-60b3-5b3b-8477-bad89d33ff8b", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:161162c9-ac7b-5e9c-94a1-3e8ef11478cf", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f69bc6f2-cf5c-5239-9701-1957d1ac7429", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:babf053a-78cf-5ebc-a45a-9e16cd122219", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fffeebf-1ced-5921-b942-e372273b694f", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6eb857e-3dd4-5429-bba8-6f7c4116b7a7", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:529ea621-7129-56b3-91af-a88bfef9b752", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:472cfc21-d016-591a-bcab-2c95f83b0568", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37cb0633-1909-54cc-b1df-853e17c992d6", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c47289a1-7c29-5a05-a11b-3320a38ada4a", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1858dae-4273-52fe-9334-053cb88e9f4b", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:575a7458-1c44-5c1f-83d8-966bd0f506c4", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ad0b166-033f-5590-b515-953b178db85b", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c17981e6-16cc-5d67-8c21-8ca8640a231e", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7f69b1e-2327-5f8b-a4fa-45597ad377f3", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee4a3827-a4e9-5576-bdba-129f147c416c", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d648c04b-d45c-51c2-bab6-02faa9eecbf2", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@10.0.26-tuxcare.1" } ] }