{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b88602eb-81d7-5474-b70b-b05f79830d6b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-openjdk8-server", "version": "9.4.48.v20220622-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:62d39886-7a42-517e-ab33-8dce38e012c3", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdf910db-32c6-5147-8afd-d3159274a8df", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79041150-b929-5f64-b985-71341ac91d7a", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86e71604-0fb0-5043-bd9f-1e1866d27cd6", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfc13d77-fe9c-55bb-ab86-eb0801f644c8", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6556d36e-acf2-57d1-96b6-510675a7cfe0", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e981621a-c068-5204-9ae0-2db141410afb", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31626e82-128b-5cde-af14-120f48990f01", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58050f0c-8649-54ef-ba04-443cd490da40", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a05f53f4-ad65-5b1c-9a8f-9da42601b1c0", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71f1cbae-4a69-5612-aea3-1054e375ce19", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:955b36fe-a7c0-5ec5-9921-258f251da688", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27f0b315-a3ee-59ad-91a1-d99c3db14d53", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:871c0690-889c-5823-97cf-4f47c29a4190", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75a5066d-1dea-52f9-a550-dbd2c1a8e058", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efa3f7e3-f70c-5a5d-9529-48418484c367", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ad22188-484b-554e-9765-b93857c1e65b", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88e5d573-149d-57ab-afa7-3fb87de6b755", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7c5064e-4c74-5816-95cd-dab67dc6ab9a", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a183565-46d0-501c-a8b4-a256ab3fb4f0", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f95839ab-306d-510b-bf34-1b886d770b59", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.48.v20220622-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.2" } ] }