{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7af0460f-8d05-5b9e-bb30-15cf0be44051", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3", "type": "library", "group": "io.netty", "name": "netty-codec-xml", "version": "4.1.63.Final-tuxcare.3", "purl": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e89159d6-a97a-5840-8ccc-9a9da98dc151", "id": "CVE-2021-37136", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37136 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76abcc79-7098-54d1-9c8e-08e9f8f7418a", "id": "CVE-2021-37137", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37137 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:220715c6-68fd-54f0-a4a2-dcbfaab63c3d", "id": "CVE-2021-43797", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43797 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e19fa3af-7156-5a9a-a7b6-ea82b5bf995a", "id": "CVE-2022-24823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-24823 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0564c762-92c8-5fc1-9c4f-caf80d89849a", "id": "CVE-2022-41881", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-41881 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:491c789e-d8a0-5461-b71a-aa7a422cdf96", "id": "CVE-2022-41915", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-41915 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a8d19c0-8059-5dff-ad46-1eb8809047cb", "id": "CVE-2023-34462", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34462 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bcf5c14-2143-553e-961d-ce0f4231fead", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f0deea8-3e2b-500f-afbe-66e0ed3aad78", "id": "CVE-2023-4586", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-4586 is a false positive for io.netty:netty-codec-xml 4.1.63.Final-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4451e87-def2-5eb1-9639-45b938eaddec", "id": "CVE-2024-29025", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-29025 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2cd2223c-c680-51c9-8679-ba639986f0b5", "id": "CVE-2024-47535", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-47535 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc32fedb-3709-5262-9abb-e9d76c38f1a6", "id": "CVE-2025-24970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24970 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc8203ac-eefa-543d-b0c5-c987679d0ebc", "id": "CVE-2025-25193", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-25193 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06f36dfe-deb4-5f40-98fd-0543fa434853", "id": "CVE-2025-55163", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55163 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f482c0b-9f5c-56e3-aa5e-468f25912acf", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:355826cc-31a1-5be4-9378-d735dfd3d7ff", "id": "CVE-2025-58057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58057 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3211e582-f824-5201-8948-60c43684b3ed", "id": "CVE-2025-59419", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59419 is fixed in version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30f04af4-fe59-5e72-bbc8-82b0b84143c3", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb1955d8-ef77-5f1a-a141-1c9e11b2fc5a", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7312f1b6-2449-5d67-8914-891a1d77f556", "id": "CVE-2026-33871", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33871 affects version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de444845-b607-543f-8e84-cb2bd13f3e81", "id": "GHSA-xpw8-rcwv-8f8p", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xpw8-rcwv-8f8p affects version 4.1.63.Final-tuxcare.3 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.63.Final-tuxcare.3" } ] }