{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f64c15cd-f0f9-50de-9f6f-34c4359d1b43", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-maven-plugin", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:23aedf4b-35bb-5827-ab11-45a8e2d375e1", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b0c5dd2-ff55-5fd4-aeec-8ed71c495674", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6031b2e7-2142-5bfa-8de1-266fb56a2f63", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:195c2554-ae41-54c0-82ce-6803e34219c3", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e090a3ad-b1e1-54a3-bbb2-2c830563891d", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b58d76c5-cd11-5b9e-93af-5471262fab91", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f13469e1-63d3-515e-bf79-af5d02abc70e", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa4c1171-1f27-5e32-afea-6169833002d7", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba22cd52-7189-5409-b3d8-f5ead3277d8b", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07a38970-e07d-5c0a-8be1-749eb0ce969f", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cbfa3615-d8a5-5833-b797-b4f451392bff", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cb28b66-b944-56fd-b29d-7c693fe8d9f5", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:453e299a-8370-53fb-9847-14b71573b3e9", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:992353d3-a307-5bf6-bd84-8289bef28a06", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9c700be-d3de-5dbc-a6a9-6d175e488a4e", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e39cce1-8dd6-5eb3-b1bd-aefc590f4e7c", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b72addbe-3db0-534b-9add-3a6ac941ec52", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8e135fa-e2ec-59c6-a476-cdf3739cca70", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-maven-plugin@9.4.57.v20241219-tuxcare.2" } ] }