{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5eb59879-792d-571e-bd2d-37131a1e4ccb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "apache-jstl", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:88af07b2-8b7b-5b18-b2ce-b30cc982d1f6", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61e9e1d4-c0ec-5f1a-8540-b481e7f7cda0", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8dedcb2e-cf59-5ef8-b6ff-74606407c244", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c44abf19-9d97-53b5-a139-a420dd4e6bb2", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fc86957-2ea9-5994-b3c9-2c9bef71c814", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ed77f57-3a98-5ad3-8a85-97b96e5453df", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2400b607-bb59-5f98-981f-dbaf3d540167", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aad73699-c09d-5bb9-899d-f8b60d1f33c7", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d2af9e5-86de-52db-a219-30803bec6b6d", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d699852-e2e9-517a-811f-2a282fcfffe9", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1040bee2-28a2-5de1-b686-1b3c27fcc598", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b46e3e19-949b-51db-8d7a-b151a08ca560", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a1d0bce-ea2d-59a8-b7a7-679eeac406f6", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0dfbd43a-5019-5356-a8c6-8be14ef2e31d", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31588b20-1530-5d90-bd5e-47922760c00e", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22eb503d-af30-5caa-8eeb-874347bd1235", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64eb1f26-009c-5d0e-a12a-62a82c325490", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0928b998-8182-5519-83c7-149fc707f4a5", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:apache-jstl." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jstl@9.4.57.v20241219-tuxcare.1" } ] }