{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c84410db-c434-56fc-99cb-f84a83a9ceb4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4", "type": "library", "group": "io.undertow", "name": "undertow-servlet", "version": "2.3.10.Final-tuxcare.4", "purl": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9e03428b-c872-5b5e-a615-920792f83f3d", "id": "CVE-2016-6311", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2016-6311 is a false positive for io.undertow:undertow-servlet 2.3.10.Final-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:958a2c82-7b38-5aa5-8d58-84a460c5df8f", "id": "CVE-2023-1973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-1973 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a257657f-5267-5203-9c56-feeb257efa1b", "id": "CVE-2023-4639", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-4639 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8fbb6cab-0912-5aab-b7e1-8df587000274", "id": "CVE-2024-1459", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-1459 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2ffb053e-db84-5fc7-a752-7d7eb004677b", "id": "CVE-2024-1635", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-1635 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb695861-f76d-5a6d-930c-b182e422750b", "id": "CVE-2024-3653", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-3653 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf39eb84-a756-56ef-929f-3c297c7e2b7f", "id": "CVE-2024-3884", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-3884 affects version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ecb5c86-5703-5bd4-93b7-68cf922669b8", "id": "CVE-2024-4027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-4027 affects version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db75e106-5b75-5fb4-88e3-bad45fddc13b", "id": "CVE-2024-4109", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-4109 is a false positive for io.undertow:undertow-servlet 2.3.10.Final-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5064d2b4-595b-59e7-a091-19011575d396", "id": "CVE-2024-5971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-5971 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:744a7486-c01e-5542-92a2-dfd7456d9dcc", "id": "CVE-2024-6162", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6162 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9dd89b9-6acc-53bd-9cd3-fb4a842d9cc7", "id": "CVE-2024-7885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-7885 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66febaba-2b0a-5a82-801b-99aa15797c5a", "id": "CVE-2025-12543", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-12543 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4374699-9bb4-52fd-b0be-ca11e6af8f66", "id": "CVE-2025-9784", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-9784 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fee8c615-e515-526c-bb9e-17ee8ff2d5d2", "id": "CVE-2026-28367", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28367 affects version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:58a25d62-0a6a-5da2-a2ce-e224ddc3be1d", "id": "CVE-2026-28368", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28368 affects version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e05d505c-2c6e-5d8e-80f9-7fe1842cb99c", "id": "CVE-2026-28369", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28369 affects version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd4baeea-2244-5afb-b66c-f00ee9fdc0c5", "id": "CVE-2026-3260", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-3260 is fixed in version 2.3.10.Final-tuxcare.4 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.10.Final-tuxcare.4" } ] }