{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9d476b2b-1992-52e9-a69a-b1325b421ddb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1", "type": "library", "group": "io.projectreactor.netty", "name": "reactor-netty-http-brave", "version": "1.0.0-tuxcare.1", "purl": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:58289515-1d52-535a-94c3-88f3e17dad55", "id": "CVE-2021-22929", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-22929 is a false positive for io.projectreactor.netty:reactor-netty-http-brave 1.0.0-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cb0c416-15f5-570f-8ea7-86803f0da090", "id": "CVE-2022-30334", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-30334 is a false positive for io.projectreactor.netty:reactor-netty-http-brave 1.0.0-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91be3c5e-52e2-570b-ba7b-05670fe242aa", "id": "CVE-2022-31684", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-31684 does not affect version 1.0.0-tuxcare.1 of io.projectreactor.netty:reactor-netty-http-brave. CVE-2022-31684 affects Reactor Netty HTTP Server versions 1.0.11\u20131.0.23 per Snyk and NVD. The vulnerability involves logging of HTTP request headers during invalid request handling, primarily in metrics handler classes (AbstractHttpServerMetricsHandler, AbstractChannelMetricsHandler, AbstractHttpClientMetricsHandler). These classes do not exist in version 1.0.0 \u2014 they were introduced in a later release. The vulnerable code paths are absent from this version, making it not affected." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a61495c-be11-56f3-bd0e-c197b04fe5ac", "id": "CVE-2022-47932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-47932 is a false positive for io.projectreactor.netty:reactor-netty-http-brave 1.0.0-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e14415ee-c893-5ee7-9194-d0ebf1b793cc", "id": "CVE-2022-47933", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-47933 is a false positive for io.projectreactor.netty:reactor-netty-http-brave 1.0.0-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4162ba65-c98f-5226-9303-ea38b6314b46", "id": "CVE-2022-47934", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-47934 is a false positive for io.projectreactor.netty:reactor-netty-http-brave 1.0.0-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66bb8b0d-1784-5755-a4ee-a7d606df79f3", "id": "CVE-2023-28360", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-28360 is a false positive for io.projectreactor.netty:reactor-netty-http-brave 1.0.0-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e3bad90-f16c-515e-b71f-7f27362d9cfd", "id": "CVE-2023-34054", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34054 affects version 1.0.0-tuxcare.1 of io.projectreactor.netty:reactor-netty-http-brave." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cbd3561-4eed-587c-8c56-4c4813b93423", "id": "CVE-2023-34062", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34062 is fixed in version 1.0.0-tuxcare.1 of io.projectreactor.netty:reactor-netty-http-brave." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ab2316a-4342-5dc0-9e13-5aeb96b58995", "id": "CVE-2023-4043", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-4043 is fixed in version 1.0.0-tuxcare.1 of io.projectreactor.netty:reactor-netty-http-brave." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:337cd1bd-ee9c-5db2-86d4-11331a2a9cd7", "id": "CVE-2023-7272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-7272 is fixed in version 1.0.0-tuxcare.1 of io.projectreactor.netty:reactor-netty-http-brave." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2032c8de-d3fa-5ae4-8025-b0014be9b939", "id": "CVE-2025-22227", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22227 is fixed in version 1.0.0-tuxcare.1 of io.projectreactor.netty:reactor-netty-http-brave." }, "affects": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.projectreactor.netty/reactor-netty-http-brave@1.0.0-tuxcare.1" } ] }