{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3737f441-5461-5e04-962e-e1cfe77359e5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-client", "version": "9.4.53.v20231009-tuxcare.3", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3c62682a-03e7-5bac-91db-d5f4c617254a", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de9781f6-b2ee-5cf7-837f-f97ea7bb70ea", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06d0ac84-07de-5d7c-9f1b-572b5b9ed756", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e3942b0-6eb0-5554-b482-f0a0fbccdf8b", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70cbcc8c-601b-5573-96b9-9e5ee5ddbd25", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dcb73fb6-8bec-5c34-845f-4c3166960058", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb82b596-a7f9-5bed-b1d8-7a38d3b1015d", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2adb7153-2ee7-54ef-a6aa-d3f35b3ac54a", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3049ea3-75e1-5baa-81f3-7f84ee38fc75", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92f03cb1-1e78-5ebf-a3fe-89c7002f4a51", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31ce20f5-6a2c-5f4a-b2dc-d3911f13080d", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:208fadb3-ebf1-52a9-8f96-992aa5a5e916", "id": "CVE-2024-6763", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6763 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e2411426-2f8d-5d7c-8c16-8db2d8232371", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:344c0742-43a5-535c-8a0b-b4021526338b", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e773a5c1-58c4-52f4-82e8-13adfb97329f", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09e5a46a-867b-57c2-af04-f2e1f23274f3", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ec48a30-09ab-50e7-80ff-f54fab55f8ba", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fdfe7cfd-3ae6-59e4-a773-d1b07569b779", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f82036a9-7a44-54fd-8f12-9ab0e5bfcd7d", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.53.v20231009-tuxcare.3" } ] }