{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bb026b11-d168-5e62-9589-5365f06f976d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2", "type": "library", "group": "org.eclipse.jetty.websocket", "name": "javax-websocket-client-impl", "version": "9.4.58.v20250814-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e3f84470-4016-5456-921c-e6ef3a4af581", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ca5b564-33ae-5a57-a07e-31cdbdf1336f", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fa6985c-fdc2-5034-93e3-66ad99b4daa6", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dca0f5d-4bc5-50e5-9dde-35c638257436", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69c0712a-c9e6-5ad2-9034-ec64d7bb91b7", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f148e77-b9f0-5244-aaea-1f85c380b73a", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f45ae7c1-2179-5130-bfd3-3b22e619a52e", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8dcdf333-eea7-5449-84a3-fdd853197445", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75bd9fb5-1e55-52e0-b200-d118a5e05392", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0735cbf3-0d13-5d84-a05e-93e0e59c1d0c", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1913cb1-9435-54aa-a8e9-fd51a8d153f3", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b4ce338-ed88-5dde-9534-8f8c0cb2d239", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f901f4d-c68e-5829-8ed1-a1cdaef6d1dd", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:153c342a-431f-553f-8da4-2b2d0a63237c", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e40e3cf5-42c2-5413-b90f-d9a816beb244", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60475840-9ea5-5480-8d25-7db3b4c1b348", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9ea5cd4-90d5-5bb9-a563-a788fcd75f7d", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:javax-websocket-client-impl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/javax-websocket-client-impl@9.4.58.v20250814-tuxcare.2" } ] }