{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fd2752b7-1e19-5150-b74e-ba871620ff83", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-openjdk8-server", "version": "9.4.48.v20220622-tuxcare.3", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:68992237-4470-51bc-9e30-f440b6d049d9", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b49c33e8-55bc-5b8e-ba69-1cc0fa050472", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56861ae9-b59b-5a61-acf2-e6b5972b083d", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85a7e7c8-71c2-5402-96f4-141f99466d6a", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02fd68dd-afd1-50fa-82c7-b077a50e8ec5", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b69c2065-9a7c-5598-aef5-f341f246c99c", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42a3b8ce-6350-5381-ac57-0eade23f8fef", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:622c78d4-33ad-574e-909b-e5ea3115a261", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dcaa7659-a84b-5747-b424-1443094aa9c0", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ed01c6d-3ad7-54ab-b740-cdc5692d5303", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53cb3a72-b41b-5947-9827-8dd1088ee697", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4db91025-22e8-5002-8958-46809defddcd", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b9cdfbe4-dcef-5a86-bb69-fede1dbc7744", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68e74701-f882-5a87-b942-7a93c83b97c5", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0e038bb-75ca-50ad-ad85-cb04d81f7074", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36d8ac63-d796-5074-9fc2-b1d3267cb3e8", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ab97feb-4824-5f62-8488-10ec9fa34551", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f631831-4788-5237-82f6-6adb6125efb6", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45db73cd-b597-51af-9bba-f416a77ab04d", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d269bb0-649d-5fbf-8dec-5faf3804ade9", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ea1cbc6-22e6-52af-9e22-82521f2ebc7c", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.48.v20220622-tuxcare.3" } ] }