{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:93331c1e-6f13-5413-bc45-28651f888f20", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-xml", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4b5cdfe7-f2d3-5e12-81f0-f2c83d998b05", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75694e04-361c-5f1e-8a8b-9f8014827f73", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:793041f3-f859-5eba-82cc-863c148a2bca", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfa34918-1de8-5d1c-9f0c-7807bd105715", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f093b65a-7d8d-54c0-98bc-47eb7573fad6", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8ded16a-2b3a-5305-8ed6-e56cffbe367c", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc57d45f-96be-5d6a-9d50-1a7ab1974671", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7bfa6b0-6d92-55c0-b3ab-a4988db6f0c4", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c64e455-eca7-5954-b0ec-d038093663c6", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:093c07a4-7593-55e4-b5bd-e6053919573c", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4b5a5b4-0242-50d7-abdd-3b96ad2cbdcc", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a03e3313-029e-5853-a5e0-ffcc772f0cfb", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23ca68e7-0a44-5400-b3bb-6d84b336ff53", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ca1e53e-bcbf-5995-95f6-1d7d28c20642", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fd65498-33f5-5ecf-bfb5-aeb7fd552883", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cab481aa-ec2f-5142-b52c-5fef28272fd2", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:777948b2-338f-51bd-ac1b-7583d9ddae12", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f8bd518-c3f0-5945-bfda-64f6068a7d46", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.57.v20241219-tuxcare.2" } ] }