{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6a6a2503-74e4-5452-b051-fd2bf2f2c7f8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1", "type": "library", "group": "io.undertow", "name": "undertow-core", "version": "2.3.18.Final-tuxcare.1", "purl": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:59e1c902-185c-59cd-9fc3-4b19a99789a8", "id": "CVE-2016-6311", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6311 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f662bbd7-d2df-5d03-b6d2-fc07fba0f7af", "id": "CVE-2024-3884", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-3884 is fixed in version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48ecd794-e901-5b00-8cde-8a8652b33b8b", "id": "CVE-2024-4027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-4027 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bd1dc41-9241-53c0-b454-2eb346bd9e2a", "id": "CVE-2024-4109", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-4109 is a false positive for io.undertow:undertow-core 2.3.18.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cccb1f3e-15ab-57a5-9476-183b587b401f", "id": "CVE-2025-12543", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-12543 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:078a3c39-d85f-57b8-9da9-77aae1906e5c", "id": "CVE-2025-9784", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-9784 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5fe23fc3-4dc8-593d-b555-abd0d0f70bf7", "id": "CVE-2026-28367", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28367 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93c7301e-c961-5caa-a743-bdab203fad61", "id": "CVE-2026-28368", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28368 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c3b32a7-08bd-53ca-b071-fbedad498093", "id": "CVE-2026-28369", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28369 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9955b832-9733-563d-b67c-31a509daa4f4", "id": "CVE-2026-3260", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-3260 is fixed in version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-core." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.undertow/undertow-core@2.3.18.Final-tuxcare.1" } ] }