{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:79f179a9-a4fd-55fc-9bca-5d81282ee0ec", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-conscrypt-server", "version": "9.4.58.v20250814-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:04b08132-f174-5230-9dcf-a545a7929f59", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d349c50-e1e0-5021-aa7c-95c7246e47a2", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39b88243-28cf-5b26-8997-813629cdb9fe", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f850016-f297-5410-b70f-05fb6d3e6c47", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ba3ae12-49c6-5ac4-aea1-169097eb5e79", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f5dc98c-2e3f-5845-b1d3-9a91e77e388e", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5c87bc4-8c63-5e50-92df-edd02928f24e", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ee977d5-74ce-59a3-bb72-b9a2951ed7d7", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b901605-e78b-5768-8648-bf7b09a46062", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6428fd9c-164d-53e4-a04b-d10573fb6699", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18585a04-96f4-5ce5-a32e-02c11900b29a", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f2df453-3396-552b-bae9-e86f57201f03", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1226b2dc-b52a-56a4-b13f-a1b5a913e466", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2b7a922-8351-5c75-81c6-e09de4fc4845", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7049cc2-7a9c-52ac-bcfb-52b73013a2f1", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:734e069f-a613-5727-9da8-f530c5e694f0", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6def536a-6d21-55c9-b23c-41bf22a4150b", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.58.v20250814-tuxcare.2" } ] }