{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d4eeb405-59b3-5bff-957d-71e20614bf83", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.osgi", "name": "jetty-httpservice", "version": "9.4.58.v20250814-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cc878f3c-59c5-5b4c-b2db-2b020d20640d", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1744ab6a-8aec-55b9-ad3d-a25ccc3a4b8e", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ead6e05-92e7-59aa-aa8b-d7784bdc9e16", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6f03c92-eaca-504f-89f6-68c65cc62041", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:577d034e-ed90-5450-b69a-bb6302e22519", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5de7f664-b72f-515a-8e47-b3d00ba80450", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b44cc6c0-ae78-569f-acb6-18a6afb458a3", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89766e3d-0b20-5399-abac-56c3305b0b60", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:540c5e14-f17a-5057-b0b8-41f8d7216692", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec9dca3a-9bab-5955-9187-586d057d013c", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75ae4b31-2131-5806-9cc7-26929ba27b64", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72998cf4-d9ca-5cca-b7e7-9268c3106a6a", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63ab3f3a-d26a-565b-80cc-6d84a07b1305", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1d8a550-18b9-530a-95c6-93d35d8af054", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:548c49dd-ce51-51f7-9d93-bcf455976179", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6aac3f3-e273-5238-8ccb-2647bf934478", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff347d04-3f8c-5fa7-83dd-837ae34cf552", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-httpservice." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-httpservice@9.4.58.v20250814-tuxcare.1" } ] }