{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6fee0bd4-15e4-5c71-be7c-2a88d3916f69", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-xml", "version": "4.1.73.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:60058b65-d035-5f22-8c65-75b380d860f5", "id": "CVE-2022-24823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-24823 is fixed in version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae6f9ed6-78e7-5cdb-94c2-edf1a8ad7f82", "id": "CVE-2022-41881", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-41881 is fixed in version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8041bf2-57c3-50c7-8ac9-a15fa3f3fd7d", "id": "CVE-2022-41915", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41915 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66dbe204-f9e6-5b63-90f9-57a36ffa249d", "id": "CVE-2023-34462", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34462 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdf34808-26de-54e6-860b-20be2356db58", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c14d4ca4-6c11-56e0-9c5f-b1a3280aa8ff", "id": "CVE-2023-4586", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-4586 is a false positive for io.netty:netty-codec-xml 4.1.73.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a32515c-e368-565f-aeee-44897756e468", "id": "CVE-2024-29025", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29025 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d0ac437-4175-589c-8565-27c7f0f45cfc", "id": "CVE-2024-47535", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-47535 is fixed in version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d23043fa-ba0c-5eae-99fc-5fef60019dcb", "id": "CVE-2025-24970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24970 is fixed in version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8958fe96-b912-5381-9ee4-1962a15a36bd", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b245d475-8c4e-568d-be49-93b243ca8363", "id": "CVE-2025-55163", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55163 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19cc8187-f20c-5fb7-931d-f5770dde47b6", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3592c348-ed91-562e-b510-62fd261e5a5b", "id": "CVE-2025-58057", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58057 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0bc9e21d-91cb-561b-a2b4-a48ea719dadf", "id": "CVE-2025-59419", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59419 is fixed in version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a43f8fd1-2ad8-5478-8aa2-25a0ba75b8dd", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5664c88-afa3-57ec-8de0-6b6c877a05ed", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e1b2c8b-0869-5be3-9722-ff4248fe44ed", "id": "CVE-2026-33871", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33871 affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7de35ad-f68b-5a34-bff0-d7c9b2b3cd4f", "id": "GHSA-xpw8-rcwv-8f8p", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xpw8-rcwv-8f8p affects version 4.1.73.Final-tuxcare.1 of io.netty:netty-codec-xml." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-xml@4.1.73.Final-tuxcare.1" } ] }