{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ca33be6a-9f16-55b1-8883-5b5e00b7f659", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-webapp", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5f08fd38-efd9-5aea-81da-9fbe5387ea03", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e49dc92-2554-5dab-a547-bc58a3c031ce", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9065a9c0-a790-54f2-80ef-f8561bf72315", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b411550-3f9b-5567-8f9e-4a4b17f75762", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7646ef6e-c911-5283-96fb-99bb254e1e28", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd1860ff-0cbf-529a-ae6b-50a1ddd3f666", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28d5a1b5-3d79-5ec5-8199-3e008075cec4", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45b4590d-b218-5257-82a8-31b5e596632b", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78a88cbe-87b9-50d0-8c20-bc586ac51201", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:216bdfa8-11ec-5cac-824d-4b25cebc22e2", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4813788-b6b5-5c9d-9af3-0ffef1e1bf6e", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b34e332-f156-5f9b-9f68-6cb4d3dc8ff9", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:357c294b-8791-5c8b-8039-9bf675b62c77", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ff05730-f690-5710-96bb-90499b0f2501", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cac3fc49-2d42-520a-a00d-2655e946b4f2", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:271c289c-d109-5822-8d1e-6918c48b55e6", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:627ad387-3127-5599-9525-b8d3f8adea81", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fce4a26-f98b-5c33-9501-06a15eb8a2fe", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.1" } ] }