{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3281e040-da8b-542e-b812-6a9343fa59b8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.osgi", "name": "jetty-osgi-boot-jsp", "version": "9.4.58.v20250814-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:44af2794-f3f5-57fa-ad1b-8f94c82d29b3", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95684c92-f2fb-5077-befd-e17b0c64a4ef", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:531e55cd-9ccf-53c0-ab9f-88fac2f507c2", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:316b729a-f668-52a6-8efd-dc162507310c", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94003031-52c0-5ce1-a902-31f5d0e67c4f", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:092fd4ba-f155-5793-9963-c443bad017ae", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02e9fcc5-41bd-5850-b130-bbbaead7b0f3", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:793b1d17-f444-5962-b678-a8933b85ef52", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5080cda4-70af-5bc7-9430-6317d2771377", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42961cf6-e33d-57bd-ad42-50993adcd29e", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7599ae35-a118-5d68-acb6-3f749394fb69", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80c89a82-d2ad-5c89-83b9-93092e5d014f", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:851be519-fe22-596e-bf2f-c3d34d468334", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42a7678e-ef13-5e84-9d0b-18c09f99784b", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64bbd1b7-7bac-5758-84e0-66bbdb493744", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:becf62b5-e88e-5350-80e5-8c77ea5c8034", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4de956cc-47e0-531a-a586-89406ff64365", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.58.v20250814-tuxcare.1" } ] }