{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:8f4e3187-f100-52de-a4fb-8e8570fef8aa",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2",
      "type": "library",
      "group": "org.eclipse.jetty.http3",
      "name": "http3-qpack",
      "version": "11.0.19-tuxcare.2",
      "purl": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:1545a858-4e5a-5c19-b313-941c7f6eb089",
      "id": "CVE-2023-36479",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-36479 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f4510d32-09af-522a-a3f7-92c4ead52c46",
      "id": "CVE-2024-22201",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22201 is fixed in version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d7f35151-ec71-55b6-ad4c-8ccec7bee9db",
      "id": "CVE-2024-6762",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-6762 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fd6950db-666d-5c43-844d-24380e5afab6",
      "id": "CVE-2024-6763",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-6763 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2cee32d2-db03-52c5-a16f-372f6ed1e961",
      "id": "CVE-2024-8184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-8184 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b80de5f3-f182-5b51-9115-83dba6e5e87f",
      "id": "CVE-2025-11143",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-11143 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e2fa079c-80b8-5d98-8655-dd1668b006ba",
      "id": "CVE-2025-5115",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-5115 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ba1cb2c8-b96c-5e1c-8b45-bb2b90efa73d",
      "id": "CVE-2026-1605",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-1605 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0744b7f2-3662-5e7b-84eb-98cbd8600ba4",
      "id": "CVE-2026-2332",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-2332 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a3185307-bbb7-511c-8e8a-1dd4dca2bc1a",
      "id": "CVE-2026-5795",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-5795 affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6d885ab9-36e2-56ce-8883-d92f41916c9a",
      "id": "GHSA-58qw-p7qm-5rvh",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 11.0.19-tuxcare.2 of org.eclipse.jetty.http3:http3-qpack."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.eclipse.jetty.http3/http3-qpack@11.0.19-tuxcare.2"
    }
  ]
}