{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:084e929f-3860-5d7b-ba62-76e82c57007c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "apache-jsp", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d658f67e-7d3f-5ecd-97c4-7938b7e2af71", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63b86fc9-ffee-5167-a663-ab55f7442b14", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27a87a02-c7fb-57dd-a20d-784ee463fcc5", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ed3a927-3f2b-588a-a789-25a04f4458a0", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ccc6d219-7edd-5505-9df6-7a6a4c42b28b", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f93d434-89c3-591c-92ce-48e540559362", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e59875f-5583-5ac1-9638-18dba1bffcc4", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da4b6d8d-32bf-51f0-a9fd-b06fa2c3e4a4", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf9a9591-abdc-55eb-aa2f-f95bc704fc16", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3cc14b9-50e0-573a-b150-a8b60f144378", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f436054e-0338-54da-8283-af179972a4b2", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acd2987b-400a-576c-9030-8edcdf128c66", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1783f95-02c3-5720-b37f-7a947ccce8f2", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:257d3930-a24f-58a5-93b7-5ff1cb070eb3", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2546e38-5912-5df1-8838-e3e253fe5a18", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3970a094-dd89-50a1-bab0-f1e2aaa87a32", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7f2dd24-bca7-5f11-aad8-e016af7f6c6c", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64619241-dc2f-5a9a-94e7-e53f18be0b24", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.57.v20241219-tuxcare.2" } ] }