{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:68e06200-129e-50ed-802b-029a779baa12", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-util-ajax", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9a71b350-169d-5e34-beeb-bfc8e63a6aff", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb668030-1cdf-5348-b32a-097d70dc538e", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08447de7-4816-5a0d-a32a-ac2740d1689c", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c8ecd5f-5bb6-5491-ae1c-cf034df32c0f", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b76674e-ff73-5a2a-b32e-50e428617d2b", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc124ab0-f719-5535-afad-01d38e8efbcf", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c551de3-6ed7-532a-aa23-2d9d437932cd", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:063698a1-46ee-510b-bd1c-54f476482389", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24b142d3-29da-5ef2-89a5-94a5ee45b3ce", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57474f8d-c301-5ab3-b8b2-b7d7b57f3841", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92038603-73a1-52ea-9d44-0553c30fc011", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a9b8d3e-ce45-5ec2-b857-b390e5ee736b", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:811edff5-2ddf-5b32-9404-19626f05153a", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37950fa5-cf04-5fe1-9a5e-520a6d2a7697", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72acb3e7-c7cd-501a-a530-b9f0f9a99d6d", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e1918b9-88ff-5cfb-8c40-e46d97928968", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:491c53ed-e6f7-5daa-92f6-41244708423a", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8db13c56-2bc9-56e2-a1c7-6d30075f0992", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.1" } ] }