{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a63d9e5b-dc86-5ffd-8246-ef2588e82cad", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-util", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c9107284-9924-57dd-bca5-ad0e9848d273", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1563f1ca-3aa7-50fc-a770-c4dab2e01f14", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e279f9b5-ef81-5309-8e08-77fe3cc6474b", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfa50a0c-151f-58a1-a30b-14e7937d9b9a", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b374a2c-4478-582f-a95a-3780c8ef554b", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5fa724f-5041-5da2-aa86-046de93c0d9e", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19152d01-9375-5bd3-8087-3f9faca72d2d", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c700eec1-8506-5bd2-9919-d6dfcbb39ab2", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9ba7207-8a69-5984-b24f-04ece8836dd1", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5825cc38-42be-58b6-b2ac-19cd03fc77ed", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13aa7888-ba17-5d7d-a8c6-e46672ccd8bf", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:216c755e-65ff-500b-a6a3-de5d5c90e2cc", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af29d3fc-8144-5079-9deb-6eb295f299d2", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6d359a4-d9f2-5e64-93d4-70742dd8b0b1", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1dc0c12-60b3-58a0-b76b-3875273400d1", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67589b34-c575-5016-95c5-adc584aca84e", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:007a75cf-bcbe-52cd-b94a-b9178535b567", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d3378fd-4400-5479-b097-1093fbc38374", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-util." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.57.v20241219-tuxcare.1" } ] }