{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0b0a74c5-307c-5935-9cf5-81530d12702e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2", "type": "library", "group": "io.netty", "name": "netty-codec-http2", "version": "4.1.112.Final-tuxcare.2", "purl": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e74a219a-60ef-5c82-ae87-727efef9e95e", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4b3cbe3-1f65-55e6-9f8e-faa50f3bdf8f", "id": "CVE-2025-24970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24970 is fixed in version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efad490c-0a21-5a71-a0a9-f6db6e452235", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:058aa271-264b-5863-b0ce-bc9f4d0d219a", "id": "CVE-2025-55163", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55163 is fixed in version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7eb7b50c-375d-58f0-89d7-f395bb2b682e", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1be6cd8f-5380-5608-a824-4db3e8578648", "id": "CVE-2025-58057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58057 is fixed in version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c041249e-4e2c-5902-b2df-39e26ba4b808", "id": "CVE-2025-59419", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59419 is fixed in version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b40d3a2-0af1-5f83-bd83-3da4fd38413c", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc6f2100-9139-50cc-a554-2dab564a1db5", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b50d3c50-2857-535a-bca9-1745783dbe6d", "id": "CVE-2026-33871", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-33871 is fixed in version 4.1.112.Final-tuxcare.2 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.112.Final-tuxcare.2" } ] }