{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3335bd16-7f27-5178-bf9b-dc2c84d4760c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1", "type": "library", "group": "io.undertow", "name": "undertow-servlet", "version": "2.3.10.Final-tuxcare.1", "purl": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fa8d597a-220c-5459-9624-028025825cf3", "id": "CVE-2016-6311", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2016-6311 is a false positive for io.undertow:undertow-servlet 2.3.10.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6586289-2b77-52a6-b77a-cc15c33bf1f7", "id": "CVE-2023-1973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-1973 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14fecd63-bdc2-5d30-8058-9594ab859304", "id": "CVE-2023-4639", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-4639 is fixed in version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5616ed8-ccd8-5b5a-8915-c009988c7b5a", "id": "CVE-2024-1459", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-1459 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d0b0d61-f1b9-59ba-a011-5f20cb63963b", "id": "CVE-2024-1635", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-1635 is fixed in version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9055a94a-a55b-51e1-9fa0-dcfc49946e37", "id": "CVE-2024-3653", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-3653 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0407e3c2-3220-54e5-9fa4-5fa59a9a3156", "id": "CVE-2024-3884", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-3884 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f577b61a-2a5a-5343-af7a-fe154b83d6c3", "id": "CVE-2024-4027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-4027 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:226fc03e-b27c-5322-846b-74de475c3784", "id": "CVE-2024-4109", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-4109 is a false positive for io.undertow:undertow-servlet 2.3.10.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:353a40e3-4619-5d40-a0cd-4be3ad23cea3", "id": "CVE-2024-5971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-5971 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa94524e-51b2-542c-958c-0b9b7512afae", "id": "CVE-2024-6162", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6162 is fixed in version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b822809-5118-5a00-983e-e3950f70a1a4", "id": "CVE-2024-7885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-7885 is fixed in version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7047a8ac-33b4-5c0e-8654-efdd2a7e087e", "id": "CVE-2025-12543", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-12543 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22f63f67-f70d-532d-8ead-801943f7e31b", "id": "CVE-2025-9784", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-9784 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc7271ca-e5aa-544b-80d6-003ff06b4a0b", "id": "CVE-2026-28367", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28367 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:baf287fe-b003-570f-b2ba-646430ae31cd", "id": "CVE-2026-28368", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28368 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77e5e7c5-79c0-547d-832d-2bfa707e4c9e", "id": "CVE-2026-28369", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28369 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db010c71-dd40-545e-8076-78f1be403fe0", "id": "CVE-2026-3260", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-3260 affects version 2.3.10.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.1" } ] }