{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:250d861c-75d9-5c71-af9f-7b3eded6f323", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "test-jetty-webapp", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6e19dce9-a7be-5690-8830-c0adf897796d", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ddc2089-790c-52aa-88aa-8ee802eb95e1", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a328c1e-ca98-5b10-8a4c-b41e73c1e1da", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bee65772-d91b-53b9-b18e-aad54e651936", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b04abaf0-a3c1-5f06-b2de-5803d5756821", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e86f75f-e60e-5ecd-b2ef-3646eaea72da", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c2a453d-145b-5ad3-90d9-50eaf2f40021", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2312c456-dabd-599f-87d3-f34fcd61a777", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4a5ffc6-178a-5964-8f38-78235fa5dd80", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9706a154-e7c3-5732-af66-db0e83820dd5", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22da3c9e-2019-52e3-9c3a-fd5d2ae5295c", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a26362b1-7af9-5b61-9877-a8c42fbec8c7", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d6eb557-6da3-552e-bc07-82e9838439f7", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c07ce64-c23d-5dfa-879b-e1eac052bf38", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c69a1025-6cb0-5b42-ae6f-a8016c510a9f", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f05595d-0292-5cdf-bd6d-79b62d2512dc", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d90774a-c219-5db1-8a02-a5da0097a4a0", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea4b63be-3380-5b80-b44e-3cbf8ff025be", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty:test-jetty-webapp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/test-jetty-webapp@9.4.57.v20241219-tuxcare.2" } ] }