{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:00e76de9-d49c-52b0-8d1b-5d4f835d86a9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-spring", "version": "9.4.53.v20231009-tuxcare.5", "purl": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dcb18e21-108a-5d27-b428-020db0bc6abe", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c7685f25-ab55-58e6-be0c-f54954f50085", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:824caa96-8d14-5da5-a002-25e0c4ca6cef", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ec14399-6640-53b1-afa5-9d2fcf2052ac", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2a8fa3f3-05c4-5782-b729-2cb5c802a79a", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:85a9e9d0-8239-5015-99e4-a4be3c90b120", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:51805deb-f75d-5987-98d7-1e488b780da7", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6b6a1935-6fb4-538f-84a9-c802c84dd9f1", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d6d7a98-a68e-55e8-9b21-6f5db26b1ec7", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:82fbe69b-ae73-5546-8e40-9d431415ad19", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:49bb8b03-d578-5896-90b8-02ecb633f440", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3c9d39d-361c-59d8-af29-789058e167b7", "id": "CVE-2024-6763", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6763 is fixed in version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a16a0c15-4ef4-5c53-8dc5-95759197d466", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bfcf1f16-dd2c-5282-948c-8e8cc27727eb", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9b2ce9fc-1445-5675-b8f7-ffd5c685f685", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0d966536-1e24-55e9-973f-f10d824e33e0", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:517d3ae2-bf42-55d2-a6cb-d17937cdccd5", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8ec488f6-5109-56a4-8bed-66715f5a32b3", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed0d0b9a-9b0f-5ba3-bc2d-f9b94812ff20", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:39f110a0-1af5-5329-b727-0a5f09d74d05", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.5 of org.eclipse.jetty:jetty-spring." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-spring@9.4.53.v20231009-tuxcare.5" } ] }