{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e625a786-082d-5468-b3f6-da99103a31e9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1", "type": "library", "group": "io.undertow", "name": "undertow-dist", "version": "2.3.18.Final-tuxcare.1", "purl": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:43122eac-5fe2-5e6b-bae7-69a2ebd35861", "id": "CVE-2016-6311", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6311 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81e9cc9f-d881-5635-8e29-53b3a6fc0d94", "id": "CVE-2024-3884", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-3884 is fixed in version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62fb41ec-ef42-5b5f-b5ce-d557215c98a8", "id": "CVE-2024-4027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-4027 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2922712-231b-5f27-a62b-d44fd8f6d332", "id": "CVE-2024-4109", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-4109 is a false positive for io.undertow:undertow-dist 2.3.18.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1fe2d888-e604-5f50-a425-ab7ed01fe9d7", "id": "CVE-2025-12543", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-12543 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06b0e598-c32b-5f5f-829f-256bf5605cfc", "id": "CVE-2025-9784", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-9784 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:197ee9e5-7126-5d69-8b4b-ed2fa69f62ef", "id": "CVE-2026-28367", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28367 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4f41bf1-b394-52be-aaf6-6612d32dbe47", "id": "CVE-2026-28368", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28368 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df0208ea-4d6f-5260-bbe5-ac5a1d7341d7", "id": "CVE-2026-28369", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28369 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2fafc49-ace7-5fe8-8703-73e3858e3762", "id": "CVE-2026-3260", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-3260 is fixed in version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-dist." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.undertow/undertow-dist@2.3.18.Final-tuxcare.1" } ] }