{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:27cc4b18-346d-5dbb-a40d-98b07ad9808a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-mqtt", "version": "4.1.63.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4c40d381-8bbd-5c67-83f9-2185227cfa11", "id": "CVE-2021-37136", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37136 is fixed in version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b56fcf76-9bec-5885-87f2-e2ec7e7009b0", "id": "CVE-2021-37137", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37137 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28dc433c-0ffd-55a7-8e96-74f8db4b8d68", "id": "CVE-2021-43797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-43797 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a56915fa-e192-5bb3-a94e-dbcda1ce41e2", "id": "CVE-2022-24823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24823 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a9b05eb-7284-5fe3-8e86-96cd6345990e", "id": "CVE-2022-41881", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41881 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b92be29-8fef-5b2f-a23e-881ccea0483a", "id": "CVE-2022-41915", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41915 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2189b9ed-d9cf-56f4-ba98-18431be438be", "id": "CVE-2023-34462", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34462 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:290da5cd-600f-5ba9-aa4a-4f32a2feebc8", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:825d26b5-ffdd-52d0-a89b-9ba2a9f80818", "id": "CVE-2023-4586", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-4586 is a false positive for io.netty:netty-codec-mqtt 4.1.63.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c986638-e6e1-5b13-b023-6e6a31272c42", "id": "CVE-2024-29025", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29025 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3e14440-c98d-561a-96c8-006855ecbc9b", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7415c5b-c633-5430-a989-fca1c750e40d", "id": "CVE-2025-24970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24970 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4031aaf-ae78-544f-998b-472f54c63b39", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67edef1c-8ed8-560e-a25d-efd77ff9b176", "id": "CVE-2025-55163", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55163 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a08551e-413d-5848-b624-279cd8a3d168", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d788a4ea-7656-5742-9bcb-fda95f6459dd", "id": "CVE-2025-58057", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58057 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0963aa9-34fe-5426-8edb-7764f1d91ad7", "id": "CVE-2025-59419", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59419 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddb674c5-9344-53ab-b216-0619ea3e67b6", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0aa7407b-a079-588d-a97d-773ebc099c3a", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d37449f-e95e-5812-a770-4a6e0ce71f62", "id": "CVE-2026-33871", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33871 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb34ace4-d748-5e55-bc54-af17ed74929b", "id": "GHSA-xpw8-rcwv-8f8p", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xpw8-rcwv-8f8p affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }