{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:27f4a784-0060-5acc-b708-78366422113f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-http", "version": "4.1.48.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:372b2b00-5065-5229-98c7-a1bae68e4225", "id": "CVE-2021-21290", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-21290 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7653ddcd-88b6-532c-bc07-40da1ea65788", "id": "CVE-2021-21295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-21295 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89473e18-d3f5-54c8-9103-ac45445cdeb9", "id": "CVE-2021-21409", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-21409 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f1d0f36-5efe-58f7-9072-e0ef856e18ac", "id": "CVE-2021-37136", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37136 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c30e3f1-bea0-59e5-84ba-8e22effb4b37", "id": "CVE-2021-37137", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37137 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a804258-d78f-57d9-adbd-4d7a486ad6cf", "id": "CVE-2021-43797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-43797 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3c070e6-e964-5bab-99b8-73f678ba21d8", "id": "CVE-2022-24823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24823 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c49d3669-21fc-5ac7-b736-375543af6011", "id": "CVE-2022-41881", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41881 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d4d9f0a-c038-5acb-b308-94ff95e01f98", "id": "CVE-2022-41915", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41915 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e229ec03-b69a-56af-be24-06ccbaa3642e", "id": "CVE-2023-34462", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34462 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fce7ac0-47b9-50c5-a814-8d8a67174a82", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcdb3c2c-d8b9-5e91-9bdb-35e656925f50", "id": "CVE-2023-4586", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-4586 is a false positive for io.netty:netty-codec-http 4.1.48.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4549ee57-d8dc-53e7-8d48-9793a8d60496", "id": "CVE-2024-29025", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29025 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6a0dae8-8043-5933-9af0-fdee0b7eb584", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e3baa42-58a1-5f43-b3c7-b3ed33ad3fbf", "id": "CVE-2025-24970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24970 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97e2cbde-0359-5d01-a47c-acdf943a4639", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e963466-afe0-535f-9ee3-2198a6067f2a", "id": "CVE-2025-55163", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55163 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e26a52ad-8003-51a6-9b64-cd0d68bbe6d9", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1dc9ab62-8a39-576f-813f-793a602b9033", "id": "CVE-2025-58057", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58057 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50c50ad7-75b6-568c-99f7-54008aff20fb", "id": "CVE-2025-59419", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59419 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2530891a-7fd4-5c58-818b-33577c10616b", "id": "CVE-2025-67735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-67735 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3de1998-1f76-5508-a196-b12d90e29827", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ffb83315-b97f-50f5-9aac-2c9ad8e1ea01", "id": "CVE-2026-33871", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33871 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae4f32d6-3a60-558e-a95a-72f83726d665", "id": "GHSA-xpw8-rcwv-8f8p", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xpw8-rcwv-8f8p affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-http." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-http@4.1.48.Final-tuxcare.1" } ] }