{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:54e8e853-aabd-586e-b6ed-020e0532297f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-openjdk8-server", "version": "9.4.58.v20250814-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3640e406-1267-5a4c-8a05-0b574aa8ecfa", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51342938-5d27-5a9c-90fe-156ead071350", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2aa9410a-98a1-53c7-9fbc-e55abf33319d", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d755184a-f18a-5700-a3e9-eae60d802e0a", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5fada1b-884e-5008-a161-28b01650daad", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c319bf6e-1277-5c86-a9e0-17bed23dae93", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2ed1da0-9c02-5d7c-a389-9753a09ca41f", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46c1699b-0d56-5e18-a29d-c96d8d8eaad3", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54a1a4fc-243e-5c06-922c-4dbb21c6633f", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5d626bc-6b69-5d82-bb71-864081a7bc8c", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b00acb53-9b4b-5339-8340-90ed1249312a", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a03ffef-cb15-5d26-b948-c6e9cf7f8e6e", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3b387e2-b69d-543f-b48c-39c7e2e9cb12", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b32d488-8775-5c51-bdaf-07d1ed260f33", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e373014-3144-5b19-917c-bd361ec49d0d", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e9e588f-e45a-58c5-81d8-0b3f213333ff", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5df7f7c7-25ab-586f-b55c-8fdcd1e9c519", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.2 of org.eclipse.jetty:jetty-alpn-openjdk8-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.58.v20250814-tuxcare.2" } ] }