{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c198c05a-8907-5222-bae4-7d23f8e29bc5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-http2", "version": "4.1.112.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cc18750a-3896-5503-b630-f631a12610c2", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11feefb8-00e6-58b7-940e-315d492feedb", "id": "CVE-2025-24970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24970 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2446c5bb-dc92-5cf9-8301-dcce8fb80292", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c835936-6987-5ccd-bc53-c79900c1bd0a", "id": "CVE-2025-55163", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55163 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:671ecf55-beef-5ad0-96ae-80257c6c9406", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f49c7590-f588-5f21-ace5-8346a61823ed", "id": "CVE-2025-58057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58057 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:388ad1f1-2c43-5a8c-ac3f-36aca276763d", "id": "CVE-2025-59419", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59419 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9405461-10c5-519c-a103-f9ca979f21f1", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5482daac-fb63-59ae-beaf-644919002d57", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7f0e9f2-4f81-54da-a43b-ac6f6379aef7", "id": "CVE-2026-33871", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-33871 is fixed in version 4.1.112.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.1" } ] }