{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:71161ed8-27ca-5ae1-83af-73488fc56a87", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-deploy", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bb263c4c-0631-5480-bdae-170c089665b9", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b5f903f-edc3-5827-8100-876fc2a0829e", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be131cb0-6ebd-51de-8081-cb904ff6a747", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28575739-86d1-5bd5-88ee-2426dabddcae", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e515208-9e47-5837-9093-c8fd307610ec", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fa38a6f-d790-5415-8504-996804961eb8", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6441ce9-5a25-5347-b3ca-2adbf18e1923", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:afe17233-7019-5dff-83ba-9ce1c866ed0a", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96b936d1-eac6-562d-a181-9fee019b0b7a", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10c9c2bc-bb76-5e8a-b048-6ec19ead4a6b", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9e52d88-2135-5307-917b-0c8a3f341de5", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d06a57ca-de6e-5583-a81d-dc682e659749", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7016db00-5e9d-550c-a76e-d509f5cc3910", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:332e35ea-c470-5ec1-ad24-ebbb994a1203", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:815bf7ec-9d2a-561e-8fcf-a51167cec194", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:903bc508-2235-5b12-8411-815abb8ac1da", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45c96663-3037-596f-9030-a9c781c3acd1", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25e57601-ff77-5e79-aa40-280d63c4788b", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-deploy." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.57.v20241219-tuxcare.2" } ] }