{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9ee491f3-c0e7-5535-b015-d8c392207802", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1", "type": "library", "group": "io.undertow", "name": "undertow-parent", "version": "2.3.18.Final-tuxcare.1", "purl": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5cdca5bb-d576-5a12-a9b2-2d1aefc944a2", "id": "CVE-2016-6311", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6311 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a9e8791-145a-5fe9-ad5f-7e75e93308e2", "id": "CVE-2024-3884", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-3884 is fixed in version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7c8e139-d04b-5ec3-bb9f-d7d5abf3e873", "id": "CVE-2024-4027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-4027 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a78e0c13-ea85-5fd1-8ee6-adafd0af2039", "id": "CVE-2024-4109", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-4109 is a false positive for io.undertow:undertow-parent 2.3.18.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08f705fe-cc9c-5c0f-9ce8-17a0d1173625", "id": "CVE-2025-12543", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-12543 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c83075a-0619-531d-b4a5-2213456a4d6d", "id": "CVE-2025-9784", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-9784 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f0654c4-487e-5622-88fc-86498c470980", "id": "CVE-2026-28367", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28367 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfff65e8-2224-582d-8718-39c2b5ef0023", "id": "CVE-2026-28368", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28368 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:073072d8-65c5-5add-85b6-ff7e2c89a8c4", "id": "CVE-2026-28369", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28369 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52082d6b-26cd-56f4-8bd4-2bfedb6daca1", "id": "CVE-2026-3260", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-3260 is fixed in version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-parent." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.undertow/undertow-parent@2.3.18.Final-tuxcare.1" } ] }