{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:22cf84e4-367e-50e8-8a27-cf34e978c2bc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-conscrypt-server", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ed5c83fb-bd33-5952-9c27-d4a791370019", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9bf43b5-ce8d-5153-a407-5015bd4bfeeb", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a090c414-3993-5f5b-a3aa-ddb10a9a6d0a", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83e88b97-0d11-597c-a56e-222ce30829cc", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc6dad6f-d52d-5c79-a303-10ee6cf1e7bb", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26a84e8c-f1e6-5132-a86f-def52c70265c", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:738caaa1-dc01-5dda-aa99-674de994795b", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4b70489-7685-5b38-a2a3-bc9a02536c21", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7024985f-eda5-5f7c-aebd-3586e73252f7", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91ac0531-214d-5c07-840b-f0b91cd2ba22", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1cdf4fe-1b98-5719-af09-50b307ece8d4", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e96c466f-8ea0-575c-a0d6-b8e5a2f4fa20", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:441bb388-839c-512b-ae81-d8f1cefd4692", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:352f66b6-cfbb-5af8-bc69-8d10b3080dbb", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4aab4ad1-85e8-577c-8c87-3396eafb968d", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:107db0a1-5eed-5cb9-9d21-24d78a4cf9f3", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbf8f314-f523-5d58-9316-cf7ccc38d358", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:215f0186-d84d-50d8-82a4-850c93fb8b00", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.57.v20241219-tuxcare.2" } ] }