{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ee4c185c-b1ba-5da4-bb5a-9437705cb3bf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-webapp", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6e536016-d49c-52d8-916c-00830ac384ce", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c64ca079-7262-5104-b9cf-c888a89e5c73", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:748f794b-71fc-52e3-8a74-9d37dcab6226", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:506e6d6f-0beb-5ced-aae6-ac7da301c3a4", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31f6a335-0736-50f5-831d-9ef61195c6ca", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49b02e14-a37e-5198-bb0f-e513ead1f76a", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0de2194a-858c-519e-bf9c-a3a161db542e", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26c1dd3d-20b3-52bf-9771-942766296155", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08178c6c-abb1-57b9-b8d8-b5a1b7b18dca", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cc27d51-23cc-510b-a42e-b1dbc3947f81", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ecc8fec-6663-5e26-a9bc-2726c2f49182", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:377fde79-638b-54e7-b743-a83982d9b4ee", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95b40d32-8aa9-525a-9285-de1e87d26c53", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73d971fd-f34c-5397-82a5-775d9947374b", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b1ba7c7-ecb9-5643-bcea-f35ffa8657ac", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fb79b33-65cd-502f-b295-90116f474c4e", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:416d405d-a1e5-54b3-9422-b114d76b4511", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d939f79d-30a6-56b1-ab30-72fef6664472", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }