{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1a144b0f-f28d-524a-a256-e4c5a195dcf6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-openjdk8-client", "version": "9.4.58.v20250814-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:46abfde1-1f8f-5bb2-8063-de586014bb64", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7cdcd815-9103-58e5-88a0-6a9380b3e441", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:028144c1-cbef-5851-b7e4-9979db6e0f8e", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa4b60b9-0fa8-5eec-a382-7a88aef7eaf2", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c574d3d-0ca9-513f-8f20-4da806892668", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60d854c5-3519-5e14-b2bd-6e26bf781fa1", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f24855da-c752-571a-883f-b114c8ad9337", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2beded60-30b7-576d-b9a9-cacc7b32024a", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2286363a-f1ed-55ff-b473-38814438fa47", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a238cce7-1356-594f-a57c-e4e12a9e498b", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:849c0208-8c74-56ce-8b13-5d90975ed560", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd9a7095-9706-5f67-860d-4726eba37947", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:abd143df-28cf-5e80-a48e-5e40bb8544fa", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4d391ec-b7c1-5c06-9df9-2a9caace0f95", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b26f265-17a6-59f5-98eb-88b2c8963fe7", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d5bd2bf-0101-51a4-ac3f-c9bdc52c24aa", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be51be6b-f3b4-582c-acb4-4f0b664615cb", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.58.v20250814-tuxcare.2" } ] }