{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5c1270cd-ed4a-5893-9430-dc52c73a9d82", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-conscrypt-server", "version": "9.4.58.v20250814-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:766caf7e-10a5-5a02-88f8-641d15e533af", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c75c1780-f0ff-56c4-b6bf-bf8bf86ccfac", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9983305-5806-5ac7-9709-f58f7092ec7a", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ce77443-efdd-5a0f-aa52-717b01fba7ee", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a82fcd1-8279-52a3-a87a-51583b718309", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83fdc048-08ef-58e2-aaaa-e58ccae9ba31", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82b328aa-0567-594d-b077-3027250b6655", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82cae006-7a6e-5657-873c-69f910f0ce1f", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e84f53b-dae5-5a2c-883c-81cbaa6aea7f", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9c08789-7f4f-507a-af55-b102292ee7a7", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd558258-363b-52d6-8a28-3da3e533e028", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:510cb42c-5425-534e-b0d2-d4c1f36562f8", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a41a9c44-0d48-51dc-b809-5404b916392e", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea2a8abc-fa8c-59ef-b0b0-6d8322c7862f", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bd0e2bf-5dac-5126-8460-da38cdba5d62", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d968f476-dec6-5a74-b244-9487dca3eade", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f62e942a-ee37-5331-92a7-ab1789b717e4", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.1" } ] }