{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6e83baa0-c008-52fc-8aa1-679ec8eb30c1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "apache-jsp", "version": "9.4.48.v20220622-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b1773dc8-1f55-5fce-8965-6ad3775dedcb", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78067cfc-3155-5f73-a0cc-a77c4acb1750", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdcea925-fa93-5341-9ad0-3a2e53738650", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcb7d56d-d64a-5832-b01d-91aa07d65377", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c3ea4d6-3e0a-5119-a791-ddade9e26e12", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99c418d2-f824-566c-8fd3-de099ae20fe2", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f10cba6-f48e-5b88-a649-4efddc1ad9ec", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e84d545-4239-5eec-b4ce-206a903502a2", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13dca3b7-f7de-5eab-8425-3c7e2e441bcf", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5206b84-6646-5936-883c-0a730f0ec5c3", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3aa69448-4191-53fa-887d-fbde0134965c", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e2f2c02-3582-5d2f-be77-916e1ba224eb", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca3c62a0-84bd-5e7e-8098-f318eb62cda2", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea3b6e7b-97d3-599e-ab63-b66f4089e058", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7be2efd9-259d-5348-8b30-e25d968dcae2", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:deae123c-a116-54b6-8145-6168e2c1ee9b", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01dd3c07-3b81-5a54-a912-01c9ebb8a8da", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d6561e9-7c45-5820-8dc3-0de31753ba20", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4d027dc-2e5c-56e8-97f1-9c90c5942d39", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:913616ce-bb4a-5a5e-9f84-4102f669dc4e", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72d8790f-5806-5667-8d26-9ccc23c1687d", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.2" } ] }