{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4527166b-a828-5dd7-8383-a4f03a1c6931", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-openjdk8-server", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fe67d86c-33da-5039-9556-f8fc92127af1", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1acb1004-a857-5dd5-a589-3f997b0c55b6", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1381632d-f5c3-5fb8-8572-7bdb3fb5f045", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8a92e80-b645-58f0-8156-2234d2d446d0", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b96b793-761b-529c-a9eb-c57b7943f1a7", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16f97d58-be0b-52ea-91a1-7108e847d8c4", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4df4d31a-2d92-5780-95ab-5f7690299786", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93e8a6ee-2967-5864-90ff-186843b4784f", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3b0443f-7553-5043-93b4-71ddb8b3ea2c", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:619b5aa0-56d4-5bdf-b1c1-0427568cf597", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99a7dcf2-df70-5aab-9210-d324ef349e78", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89a03c23-1705-5a52-b712-179740ca8381", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ccad76b4-7518-53e8-9043-f14c053a244b", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7634acc-35df-5e8b-a78f-85ce546d9de1", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d69be451-b46e-526e-ade3-7584beb0dc46", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43cb2719-7ce7-5fdd-a3b4-05351ad78006", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f95440b5-f657-5d61-8dac-5475514ddb71", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6f6a87f-f19a-5b04-a64d-697195b1045f", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.57.v20241219-tuxcare.2" } ] }