{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fab6ed91-afe1-5b7d-a6e0-3565255e2a7f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-http2", "version": "4.1.63.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b01e1a59-4a4c-569f-9574-a626c7f79a4b", "id": "CVE-2021-37136", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37136 is fixed in version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1240cc66-45e7-56eb-9edc-a588374a38af", "id": "CVE-2021-37137", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37137 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88f711d1-9c11-58d9-bb75-fedbc7b9da1b", "id": "CVE-2021-43797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-43797 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32e8d1bc-42d5-5a4e-ab4e-62cd9e48d098", "id": "CVE-2022-24823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24823 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43dcd51d-8f9e-5718-8df6-1f6fafac4ebb", "id": "CVE-2022-41881", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41881 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c460b02-af5c-5d7f-9808-7fd2d43b58f1", "id": "CVE-2022-41915", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41915 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ecdcc77-b984-5997-96c6-48041f3151c7", "id": "CVE-2023-34462", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34462 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee3b6c31-9b35-5af2-bc6e-0edbcc873c25", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:faf0f969-5891-554b-b3ac-e6b0ddf4675d", "id": "CVE-2023-4586", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-4586 is a false positive for io.netty:netty-codec-http2 4.1.63.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bcc5d5c9-94c8-53dd-be30-3c6b7371d0a7", "id": "CVE-2024-29025", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29025 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d48a4c7-a208-5bbd-acf1-90eaec156ce4", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1414229-1674-5cff-9fad-13db7befd7b0", "id": "CVE-2025-24970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24970 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7a751dd-d13b-52b8-9c86-e52c9834b9ea", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:283894e0-b895-5e20-ab48-770a4be40e87", "id": "CVE-2025-55163", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55163 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b19fec6a-8167-56cd-be6c-1c9e892df139", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f18b40e9-6380-5d69-801f-b5f1ef0b16ff", "id": "CVE-2025-58057", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58057 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82586e48-3d44-5818-9af9-f5469ce4c85d", "id": "CVE-2025-59419", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59419 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c613773-6372-5671-bf19-b758de2d47b3", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98abb322-657f-5b72-a9c6-cf30f535e968", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88642f7b-71e2-5a2f-a648-356e65946b34", "id": "CVE-2026-33871", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33871 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73f51ff6-b60d-5abe-a448-dcc7824ef387", "id": "GHSA-xpw8-rcwv-8f8p", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xpw8-rcwv-8f8p affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }