{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:253b4acb-4868-56cb-b863-8d44f2ced228", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-openid", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bdd34288-05dc-5f2b-aa2a-7a1a565829d1", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4c75ed2-33b6-55b2-bdfe-f1dc7afe7d03", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac712518-21eb-52f5-83f5-82341978ff66", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4fbed2e-6d42-56ce-9f17-ef8523b965f6", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69dabb58-bbe1-5b60-ad69-9d7a36914c84", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f27647d-96e7-5b2a-85a5-615aa74c9bc4", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fdd05ba-8b50-5a58-9668-6982dfe0bf6b", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a98d2c90-4af9-5bc4-ab29-6d2341675e88", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ae7a0af-84a7-5057-aa50-7e3d79bae2eb", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd30ae76-cba8-5b25-9939-0fe154398305", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2446967-a330-5ba8-97dd-8d4c6742796c", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4920b4ee-f4a0-50d9-bc32-8f02f4c774fb", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07eed1a8-2b63-5569-9b1e-260daa82350d", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b90ff521-5d57-5080-b497-62c983be9c72", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c8c4ce4-22a6-5816-a0e5-5b9fbe09d6e1", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:924687e5-82fb-5391-93c1-631b9e843406", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2606f6d-29ab-560f-898b-53477c93aba4", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3d5e64e-6e5a-58e9-8c07-65098da2a4b1", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-openid." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-openid@9.4.57.v20241219-tuxcare.1" } ] }