{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f14e3b12-52c5-5266-8a56-78537d8b676c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-parent", "version": "9.4.58.v20250814-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:aaa88734-c62e-57f2-a309-40f559d448ed", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c451b281-d079-5b0e-8e0e-1258ccb09a96", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1fb89757-b718-588d-9c0e-ec83baf1072a", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98e07f48-d718-5221-9663-4d40b0c6bba1", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:784ac85c-389d-59a1-8e45-ae1059d8d37c", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:365feb03-c07f-58a1-bf8a-6b38eea8d8f2", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01bea269-33e4-5c03-9042-c7279c583719", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:596af3f9-1fd5-5d41-80cd-51034f62a087", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:852f0946-984f-5dde-9e07-ba6d91ddd37a", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4983e983-9828-597b-b113-c74878cf53b6", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20f8039a-15b8-5925-903b-63671806343a", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ddc97a9-e8d9-59b8-bdbb-8b9be1748897", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:306d34ce-8999-5e65-981a-b54bb813eebd", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8beb1d0-486f-5534-aedd-c7257929c561", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b32cb7b8-5888-54f3-83db-6e54c8073d38", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6290ec94-6de3-5aa8-a61d-83fe5c8080f2", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:646a3ca5-070c-54ae-9a33-17efa6b34795", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.58.v20250814-tuxcare.1" } ] }