{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f3731862-c682-58cc-9563-8ad349953ab6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2", "type": "library", "group": "org.eclipse.jetty.websocket", "name": "websocket-api", "version": "9.4.58.v20250814-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5520d6cd-b6ef-5eeb-980e-d6ce25d77ec4", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:297c6e4b-d154-5d7c-8ea0-4259d5cd48ce", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc5b0ceb-01c4-5eeb-942f-6d58b53f3967", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2443fc1-a15c-583d-b80e-f2b49371691d", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b16f305-3f34-532c-927a-43a7bfd00719", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c53aa891-4641-5459-902c-1b72b7cd5778", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c4c099a-ce79-5804-bdd5-e58c50eaeed8", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4e27c63-53d7-580b-a2e6-f70e93ca8d0a", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9fd778a-28d9-5926-87a7-85b37252d502", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e4e02a5-3992-57f0-8eab-a73f56131655", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e824917-7af5-58ad-9889-65c24e636306", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35feb011-47de-54c2-9a0a-0d2a3b9bf570", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0778d81e-cf29-5fd1-9821-72917a484b9c", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e9414ed-320e-5e5f-bf4e-31a6e2c9a787", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:741e7ad2-9b29-5f9a-82ad-9f9b44be0170", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:883e60a8-11db-5387-82cb-b115f611e154", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0ee5777-ddf0-5231-889b-432fbfd1c123", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty.websocket:websocket-api." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-api@9.4.58.v20250814-tuxcare.2" } ] }