{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:c7ca7e88-18e3-5fbc-b338-12bb7728e885",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2",
      "type": "library",
      "group": "org.eclipse.jetty.http2",
      "name": "http2-parent",
      "version": "9.4.48.v20220622-tuxcare.2",
      "purl": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:02d138fa-d72d-52b4-973a-73e7b0aa96c3",
      "id": "CVE-2020-27216",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3ebd49d2-2d2a-58a5-82e2-8b274759d214",
      "id": "CVE-2021-28169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c5b2e85b-3ac3-520a-9a57-d5467122edba",
      "id": "CVE-2021-34428",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:347b4b8b-ab47-528a-a72b-01ee013156ea",
      "id": "CVE-2023-26048",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:68819438-001e-536e-a909-a898a211627d",
      "id": "CVE-2023-26049",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9e1e08f1-cb24-5146-850e-d7a00d524282",
      "id": "CVE-2023-36478",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9e337e8a-8465-53dd-899e-4658de7fcf5c",
      "id": "CVE-2023-36479",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c6fe52e1-8ce0-5f3a-b1f0-2a84274687ac",
      "id": "CVE-2023-40167",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6b4111eb-ff34-5523-af0a-93256d6f1ef4",
      "id": "CVE-2023-41900",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:98fbc961-bcca-5fd2-8980-484aa0e7564f",
      "id": "CVE-2023-44487",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-44487 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a3e31882-e932-56b1-9fe5-d136412e4acf",
      "id": "CVE-2024-13009",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:04702159-4ba7-5062-b174-d36020b73fd9",
      "id": "CVE-2024-22201",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c05a4b96-84b6-53aa-a5ae-5ffa4487ed73",
      "id": "CVE-2024-6762",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9a1d0e5c-7715-5441-9333-352d71c46f2a",
      "id": "CVE-2024-6763",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9da2c22a-3377-5dc2-aafe-10d34ed2592f",
      "id": "CVE-2024-8184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6faddda4-2734-5fc0-b813-96ad8ea7e0ee",
      "id": "CVE-2024-9823",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8bd62ab3-6872-5991-ade4-6f19e5691a53",
      "id": "CVE-2025-11143",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:097e8ca6-cce8-5842-a3fe-5d5f9de63d0b",
      "id": "CVE-2025-5115",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:897c4fd8-b205-5c48-8e42-e27cd0ac0a3e",
      "id": "CVE-2026-1605",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:990d0749-e1ba-5f89-80fd-3ef5e047ebd7",
      "id": "CVE-2026-2332",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a90f900c-2a4d-5a92-9d2d-4eb8c001a2e7",
      "id": "GHSA-58qw-p7qm-5rvh",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty.http2:http2-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.48.v20220622-tuxcare.2"
    }
  ]
}