{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:627541a1-5c9d-585b-99ec-08327f560c01", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-io", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8cab859f-b1fd-545e-9978-17fff65092e6", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:754c754d-d266-54ec-87b4-4d7941db022e", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09f6ce73-e2ef-5cf1-b70a-1ef0f959fa1a", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:310ec0bc-fd4e-5eba-a268-b19b050440b6", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ade57c80-6113-5f4f-9806-c040678a4129", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d36dc96-4249-58e2-9eed-e0968d116480", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b35d277-ebad-53d5-a41e-49c2814eea44", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ed407b7-51cb-5ab8-8dd4-d37428f0ceaa", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8afb95e-c2ad-5849-9a46-db805f542d10", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:285dbfd1-19cc-51c4-870b-69e2df3b6b8f", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5daafba-af83-5d7b-8c48-7d043258b2fb", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6e822cf-ebc4-54de-897e-92046bbc69b6", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83276cdc-27d3-5ec3-9938-21a6bf981579", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f2ab70b-bb61-5d3c-8f09-6a070ecb7c69", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea9d2bb5-5da0-5d72-a66a-5405aae9d052", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5642383b-eb2a-57db-9996-17d3b69ee5de", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17ea278f-694a-5013-a8cd-9f73001d33e1", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4a100f5-27f7-5e7b-aa96-a6910976e97a", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-io." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.57.v20241219-tuxcare.2" } ] }