{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ea74ac28-2f5f-5c80-9609-987551bc5067", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1", "type": "library", "group": "io.undertow", "name": "undertow-servlet", "version": "2.3.18.Final-tuxcare.1", "purl": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8e868593-af04-5c0d-971c-c183f62312c2", "id": "CVE-2016-6311", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6311 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91c93972-2f11-5c9e-9bf4-acee6652c73f", "id": "CVE-2024-3884", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-3884 is fixed in version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef8d5049-c2ec-5bd9-9789-ec01756c114c", "id": "CVE-2024-4027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-4027 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:142f14ae-dd6c-5e54-9a09-b44f2d8ecd2f", "id": "CVE-2024-4109", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-4109 is a false positive for io.undertow:undertow-servlet 2.3.18.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e68ca69b-c8a2-5dec-a8b7-44bf2304aba0", "id": "CVE-2025-12543", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-12543 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08392195-ca81-59be-8258-fb8f2c6d24be", "id": "CVE-2025-9784", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-9784 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbd9b2cf-038c-524e-a1f4-e4f026397289", "id": "CVE-2026-28367", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28367 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15c9592c-e817-5764-b61a-68034de3efc8", "id": "CVE-2026-28368", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28368 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:141f51b9-be86-50ae-b1be-15e06ee73850", "id": "CVE-2026-28369", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-28369 affects version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8edfef3-852a-5149-923c-879a68c35388", "id": "CVE-2026-3260", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-3260 is fixed in version 2.3.18.Final-tuxcare.1 of io.undertow:undertow-servlet." }, "affects": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.undertow/undertow-servlet@2.3.18.Final-tuxcare.1" } ] }