{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2b6eddf9-76fa-5c15-b9ad-e51272f9d3b3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-xml", "version": "4.1.48.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:24fd5dcc-a8df-558d-95ba-641acaea2276", "id": "CVE-2021-21290", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-21290 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d93cab93-71da-5ab4-9f6e-ef14989530a8", "id": "CVE-2021-21295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-21295 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aeef2e60-a419-5bf8-8274-2930f3e98e9c", "id": "CVE-2021-21409", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-21409 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3caba34a-c97c-5452-b635-b1f2035e3867", "id": "CVE-2021-37136", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37136 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d994cb00-9a84-548c-a6dd-383e27d6417e", "id": "CVE-2021-37137", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37137 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98eac332-7a7b-5c8e-92b8-c3792d5822c1", "id": "CVE-2021-43797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-43797 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c641ee63-796c-5f8a-87aa-4cb5a04ea021", "id": "CVE-2022-24823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24823 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:729762ca-a719-52dc-b4a6-87d38f5e6506", "id": "CVE-2022-41881", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41881 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0bf5b657-e006-5a4d-a3bf-761c5c3af104", "id": "CVE-2022-41915", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41915 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6782dbb4-6223-5645-82ff-7cae88bee4dc", "id": "CVE-2023-34462", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34462 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4eb87063-e40a-5c45-bb0a-b387595e11e6", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bcf1932-e9e5-58cf-839a-91a1494fa41a", "id": "CVE-2023-4586", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-4586 is a false positive for io.netty:netty-codec-xml 4.1.48.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59f48499-9cf7-5a0f-a13f-5b7e2ee86796", "id": "CVE-2024-29025", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29025 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:928ae54f-7c02-5d1f-b0e7-38eb3b4d4e7e", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6234756-8560-568b-a4aa-a0a89d4b7b58", "id": "CVE-2025-24970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24970 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dca9b965-2142-59b7-83ee-4a6c60da80f6", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7314648c-5274-5ed6-9af6-201f1e129c62", "id": "CVE-2025-55163", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55163 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56f5e568-05a7-52b2-aad4-59608b43ba8f", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8901fa3-60c4-5385-be09-15160962438f", "id": "CVE-2025-58057", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58057 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eafbbafa-2f77-5d2f-bdfd-9a7da5c3ccb6", "id": "CVE-2025-59419", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59419 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c38a2eea-a9b7-5312-abf0-990d21347cdb", "id": "CVE-2025-67735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-67735 is fixed in version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0cb1fc6f-e1d9-5bcb-a06c-99c76b651a33", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4cbed0d-c923-5aad-b140-843c52756b52", "id": "CVE-2026-33871", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33871 affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e796fe6-4cbd-58f6-a588-a28fd2477b99", "id": "GHSA-xpw8-rcwv-8f8p", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xpw8-rcwv-8f8p affects version 4.1.48.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.48.Final-tuxcare.1" } ] }