{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:391a6a4a-34cb-5bac-b2e0-499a994bd799", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http3", "name": "http3-client", "version": "10.0.26-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ae021168-6c4f-5f6a-943f-099f08ef5216", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46c78988-9ccf-564a-9cdc-f649599fdbd0", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c47c52f-137a-5c4a-b559-36dd8d9d6d13", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c7f288b-519e-5261-a6ce-0f13c1af2b8a", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63219279-4279-5a7d-8edb-e8a8d1f8d83a", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f4e8150-2bf2-5862-b96e-d3d43d795ef0", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57ce2745-6ea3-5f67-ab36-6e3c6ba6b048", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:004d7083-6434-5fe7-b3f9-62df3069b810", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20ef6a30-f26f-5f57-ba67-84e7aa10e53a", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a409c5b1-2202-5bfd-b0a5-e4b5357fdfd4", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2aae475-d452-5952-a8cb-93d8696037bc", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a371f6ae-7bbd-55d0-bf7d-3a2af584a623", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c8c7d9b-5af7-5a55-8735-ec6865313a32", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ff0f794-55f6-5f2e-a91c-ab7ba24049e1", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bebb6c4b-4a66-57f9-b812-fb9451c872e0", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:613f9d9e-b040-5731-a587-56fc8e7325fd", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bffe56bd-12cf-5aa2-8ede-1d0a2f272759", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a04a1b20-dee1-5619-9d6e-2472cdd9efa4", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 10.0.26-tuxcare.1 of org.eclipse.jetty.http3:http3-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http3/http3-client@10.0.26-tuxcare.1" } ] }