{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c23d8db6-2db5-560d-9415-a55d356526a3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-server", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:924f74e6-015f-58c6-bf9e-da473e7bfe7c", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:700672f2-4473-5134-9936-8332cc4cca0b", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9bcafd0-b252-5efa-9080-fd5c971d8ff9", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3c5b938-d42e-5a6b-bafe-971f01aa46d2", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdde0d07-5c02-5a70-a5e5-ebf1aa2a103c", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c94b63d-3d14-5fac-87f4-bf207beecf4f", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef8b7806-593e-5f71-b537-59b4dda5a9fa", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f344f555-be68-548d-8446-921c2d8265dd", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eeaafcd0-ef0a-5849-8c7a-29da9cd7f59f", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:978f2eed-bf51-5e24-b70d-0d47fdb2b408", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35a6b60f-efa4-592f-b7fd-45368e2d30ff", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28c056dc-9967-59e9-9da0-d1d640052aca", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1d2586c-40b4-5826-a0a9-278ace8586ee", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af9ffae1-47d7-55c3-ba5a-ed27c31508cb", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78cb5c9e-5dcc-552a-97d7-63ca3071eec2", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc2d984b-7040-5e18-85fc-d7877bc80034", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82f824b3-74db-564e-ba99-9236992f64f8", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09589860-24eb-5ad4-9f12-306a14d5fb29", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-alpn-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.57.v20241219-tuxcare.1" } ] }