{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:06776a7d-c21b-55c7-8c74-5238181178a3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-util-ajax", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f30ff54a-f0b9-5763-b0ee-57ec06e78bdc", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5176cf33-4e05-5a5c-8977-3b4660f2e4df", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58e97fe8-6840-5990-95f2-0f0f48730ad5", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:125886e0-5a4b-5037-99ab-4d039a40d781", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4df3c49-2cab-512c-b736-653bebadb0da", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47f30d92-95f0-53df-b22a-d9dfde731bb1", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5193c7f-3e9f-56f2-acff-8f7492ebba1c", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d036f3c2-0d3a-561f-b217-743a0349bffa", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8958e70c-4190-5b4a-96f0-21501a80b0ac", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86fa68b8-e6be-5b7d-91e7-6685301c70a0", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ec065ad-6546-5fda-a0c6-9418abe645e3", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0766962c-185f-5bf8-9971-8f5c0f9c5bc4", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55eaa041-79fc-5f03-9f1f-e1c632de91e9", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d639dd9a-e077-5974-8b40-6c35e3e323be", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4abff69f-e166-5886-8f26-cf986339289c", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00d5c525-e23e-5f0c-a269-2597548f82bc", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48043a29-a4b1-55ec-9712-d7577f45dcca", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f71dff6-2bc3-5c9a-87d1-523a2ff476db", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-util-ajax." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.57.v20241219-tuxcare.2" } ] }