{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3df0f876-87fa-5a0d-9fdd-40eb33926843", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-server", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ab91f089-45cb-5eac-9262-768c80b04ed1", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0dbeb67e-6849-5724-922c-cc98a188511f", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5df8db46-8dff-56ff-9351-88c9c967e1c4", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:703eb006-a4cc-5f39-9988-6f9a1f496bf8", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcd5643c-bb33-5fd0-89b8-abb52cc9b7ac", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1261162-191c-5455-bffe-8c082070cbf2", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f638325e-ebf5-5b78-8f7b-a7294663550d", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9029e03f-f18c-5440-af80-b1656f3a0357", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5cc8ec94-f0ae-5fba-86da-2ed42763ad4a", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50e7d306-a0d8-5f5b-84c7-145b31dcd88f", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:214d3c2f-9f20-5cba-a44b-9dbc7fc349d8", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e9ceb0e-cd44-5eb4-b333-87f75a7e4c73", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97a0f287-f01d-5e1e-b23b-1d03b4024a47", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94c97f0a-0b58-5d54-9b0e-6ff8378e53d8", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:822bd05a-4f77-50cb-bc2e-553ab0bbe7dc", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae6b5094-15a9-5e41-9555-b437cfdd57b7", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40ff428a-ad1a-527f-9e30-0a18c6b255c9", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acfbcbe6-dab0-52a9-945a-5bc0e7ed0abc", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219-tuxcare.2" } ] }