{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:947db43e-6951-55a7-8629-52bb26b90155", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.osgi", "name": "jetty-osgi-project", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4f7fd8ba-dc81-546f-97de-9d6a57a00da4", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe28b751-c10a-5303-b538-7226dc38a8ac", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f36275f-b630-5996-8dd1-3bf1e862f8a4", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6485e5f6-509a-524f-ba32-97a9b5e2747f", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a966d6e5-9db1-556f-b267-6cc094817b28", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0711e8c-0c51-5cb9-9f7a-2d078c66e6db", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f03f45b7-1c65-5b6b-ab47-d4a553410b99", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a969e97f-7d35-5fa6-93f2-2a469c61afd9", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6f67634-a617-50f3-89b4-4d3fab08b923", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51916ab4-c8f2-5d58-9d7d-78166f693260", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3deada50-8c3a-5526-bac6-204c12494bc3", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45c2abd3-636c-5ec3-b939-9963af344644", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba0ea953-eb69-512f-8cc4-84f5e48d5dae", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b929689a-12fd-5a29-9c88-29412150c980", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae500435-5ce0-5400-a206-de4bce238207", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d98a3326-2a29-5732-b21b-c624ab8793c0", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d61270a-5d8b-5618-93a7-8a33e85668fa", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94c8ecd8-e2cd-579d-b2f1-402b95814f00", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-project." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-project@9.4.57.v20241219-tuxcare.1" } ] }