{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e337661f-6c4e-572b-8ee8-5513c187739b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-xml", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:41522f3a-a4d3-529b-996d-cc6324c69065", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc764550-c8ae-5738-a4b6-1e2ba80f9ebf", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:691a3f16-b253-58ed-8d65-cf563de47445", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47ffc487-25f9-5a4d-ba3a-77d653d6f6a1", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:940f5554-6ffe-53c1-a3c4-d4cb6429c587", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe9f1f15-36a3-530c-b327-c6e78e08b9e0", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fcbe0c9-8b59-5cd8-b2df-06f5e968d9a8", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7f0fc70-0681-59da-a97d-06549a427065", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0f4e805-2c6d-5373-902c-fe77283e6c30", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ee928ed-2f11-5b09-8de9-468a0cabdd58", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72a4914a-9264-5362-a0ac-cc934e2bb52f", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5a33dae-1c4b-51ff-9fc5-c8bc9aeb609f", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bbddcee-d7b6-54c8-9d48-dc111afc4326", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a207ae15-ad2c-512d-a2ec-54bd39c70558", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20b59a16-decb-5065-9ec4-0105925325f0", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de939f05-9939-5ddc-a24d-c86920ea31e8", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36bf7306-ae69-50d6-8a37-4978b94f4e9d", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2af506ff-12af-5cae-a3bf-82e908babb0b", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.1" } ] }