{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3eae632e-0594-5cbd-8a5d-67a3e771cc5e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-jaspi", "version": "9.4.48.v20220622-tuxcare.3", "purl": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4a47a459-733b-524c-a83d-035635adfcb2", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b523a206-e13d-584d-9829-ea374e56c63a", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b980bb8a-0197-59a1-a630-9d8e2f4d7bc1", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b9aa93f4-68f6-5213-b73f-0aa245abb32e", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16618a7b-d75a-56cd-81a3-70569ae202df", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:921d1613-d4cb-58b5-820c-0e39e6d853ff", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8e00d59-be5d-56b7-abb9-0319c28d44df", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a2c3f2d-ff0c-5b0f-bdd1-4b7db5a3cf1d", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99632592-92a4-53ca-8404-0509285460ab", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8826cc46-3964-55fd-b568-1a4aa511b8c5", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d4155b9-fc8a-541e-9fee-1b6b43cd85ba", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e70d5e5e-9554-502e-9c8b-bfd9894251f2", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4b5371e-7dc5-511e-bb0e-fa3043963a8b", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d36dd6e-b67d-536b-8f8b-2b6b4e765438", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ebda8fca-c72e-5670-af83-044a470156ec", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd0a0c5c-6908-5169-b1ef-7dd58764a8a4", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45ff7eb7-fa1e-506d-a8d5-e9f1057fc252", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a5fff46-5028-5d31-b8e0-ac552d6f5369", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e1bdfb2-ab5c-586e-9848-baa0c840b3fc", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d6197c5-fb2f-5021-9c23-26d6149a7ab9", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86b2c8b0-5da7-53d6-9c18-5b2d26f61312", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.48.v20220622-tuxcare.3 of org.eclipse.jetty:jetty-jaspi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-jaspi@9.4.48.v20220622-tuxcare.3" } ] }