{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:43d2b150-971e-59a9-ae3b-e1d278174790", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.osgi", "name": "jetty-osgi-boot", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cc0f9ee6-fab8-5e37-9abd-8397cadde451", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85be2392-cabe-59f5-bdff-f062d3f88770", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9406a2ea-49f9-5502-bd93-b79446edb591", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efdcc849-57f9-5592-93c7-dbb88a2b6dde", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0933827d-e95e-52f5-9bd7-2416e6cee1f5", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d1859ab-c09f-5c40-92bc-a09e41b9b41a", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f0000c1-4136-5e71-9798-7bf5220e5df9", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85943dc8-c394-5489-b32d-76fdc36bcf6c", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff289cfd-5315-5e3e-bd50-0117264b9ad3", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f7bd6b7-0ebd-54f3-980b-a5e5661e06b5", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8632e21-2602-585b-bcdd-b6c380df0020", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b21ad9b-34d2-5642-9524-64e6668c66d7", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d477c4e6-1ac3-5a1f-b600-81449d1e177a", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a024ae7-0acd-5367-82ca-7a1901c90c21", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a068da1-30f7-576e-91ce-5aae78e611b6", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1d23e3d-1f98-50e8-9b24-637fbd005cb0", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11b3ecaf-e3a9-5b3c-964f-ad118e2dde70", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e25a1ce4-f508-5b5b-aca0-75179a230612", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot@9.4.57.v20241219-tuxcare.1" } ] }