{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aae77f05-9f71-5942-819f-dbd90bd6e7e5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-server", "version": "10.0.26-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:afcfb67e-d1c5-58c6-9e3f-441aeb0232f9", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d816ed2-8df7-5daa-9704-079d25243c3d", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e45bff57-4aea-5750-934f-4d06ec4cb78f", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9803fafa-76b7-584a-afb7-b2a9d915f174", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10bdf495-84be-57d0-a129-62fd70e7713e", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3647c955-6581-5317-8f62-b47f1579eeaf", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0836b334-6b97-57c2-9ff5-035ccce98934", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09e98507-4d9e-5376-ae2a-b3734f560362", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13ae6a19-5d42-5cf5-b465-3f258cb9459e", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01b1911d-5f08-51f7-93af-cd16eb309531", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0aa3f3a4-1a57-5552-a9fa-47b6de40ad90", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab38f76b-8430-5730-a26b-bcf138bc01e7", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37c11244-1192-5bcb-b336-8cf2938c0b83", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e289385-91af-54c3-804e-6a76768c0f7d", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f6e18a4-1315-5127-9cd4-b48ae7004ff5", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52eef455-1b51-500b-a05e-d129aeeb52e5", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b3075d0-d3f2-50fa-92f8-5b47aefabada", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8132000f-14a8-565f-be36-785bc28cfa6d", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.26-tuxcare.1" } ] }