{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:87dc6f48-4f43-50a8-8824-b5b0f447836a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-distribution", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1f79342d-28f7-5d65-a494-ebdc2a1cbb92", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f168148-95cd-5d02-8719-b65b139820cd", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d4d41e8-a12e-583f-a723-8b668ea7f476", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67c84f61-5f1d-5270-9be7-6c00537a3bbe", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2d88157-4067-5f46-8235-4c44c80e0d2b", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51e67665-7ae7-5b46-9d1c-7f038c2f4166", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9a41c77-167e-594d-b814-69cd54a5ddb4", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95c0f99e-b044-5022-b7f6-5f6433ac2656", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed79f769-1804-53cc-887f-a2151eebc77d", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b56935d1-1d1d-5656-be39-5171afd5e611", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11700d5d-e309-5d9f-8622-1fbc1e2fc9f5", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7b7ca6c-0486-5639-aed0-74d0eb95900e", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7e7660d-dad3-509e-ab31-990308ee1f5d", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d3af5f2-5764-5c58-837a-7cc9e36d56d4", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12d0c2c9-dd07-5cdb-99da-5f3b94bcde84", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7afbfc85-6e4b-588d-a727-644ee93562ba", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9664fb3f-a0aa-5983-8404-072937a8db89", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7254497-2169-5fa8-850a-2577727bc5a6", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-distribution." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-distribution@9.4.57.v20241219-tuxcare.1" } ] }