{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:46ad3edd-4433-5271-baaf-c284d261952a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-parent", "version": "9.4.53.v20231009-tuxcare.4", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:69a4616d-386e-5411-8b75-2d492adfa441", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3019fad5-e4cf-537a-a1d7-9b3333e8a654", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5562e1cc-ccc3-5032-a820-b4c0edad684b", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a35410b-6789-5877-9c96-468cec7f47b3", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1df8016f-7149-5d7a-b41a-e3f5ff5071ce", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0f45f6e-f444-5159-ba2b-032581cf1afb", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc87fe93-fe73-57eb-90a8-7c47cf0b3319", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d35a8c5-2955-51a7-847e-fdba4a76e6c3", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b505abed-6270-5c37-9289-c978864c3920", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e7b69c1e-e93b-5139-92cc-efc0e3a5094b", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e59d552d-0eb4-5fbe-9629-9624367b04ff", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03f0fdd5-82c0-5504-8516-dd1a7ecb0943", "id": "CVE-2024-6763", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6763 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eafdaa74-6ea7-5d19-91bb-fe5d1f2a7c8a", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca58c719-e6fe-5653-9e4a-8a12b866b2f2", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66c61c49-c741-5ef8-841b-19e18948bd61", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5e88d47-46b9-5d52-aa3f-193436808469", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c69af6c0-97b6-550b-bbd5-7ef0b8f8b93d", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5bc36a68-13dc-54b2-bf27-67051245af76", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:34b021fa-8495-52a0-a2e8-2295226c215b", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:52335ed5-db38-5662-8661-2341d6cfa2c0", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.4 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.53.v20231009-tuxcare.4" } ] }