{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:94a9b985-1c6c-51cd-bfd5-12a08ab16ea7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-common", "version": "9.4.53.v20231009-tuxcare.3", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b271d3b6-278c-59ec-b47b-816034480460", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd8bf01b-726c-5385-a9a3-370bc1f6435f", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76e1e5c8-3f54-5167-ab36-0e71384ee122", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45bbae33-f597-54c3-a8bb-f1bc9fbda800", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d3849f4-e9e4-5dcd-a07d-1877acb64c21", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38f9d736-0d33-5aa6-8058-8584a810532e", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34391ac3-039c-5093-bb24-6d32c10e03b8", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:281943f8-92b9-5d2a-9b6d-805c729b3bae", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ed72311-685c-583f-b839-4d97a82c41bc", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04e674c3-b590-5521-a28c-7b4f4fcc4b18", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fa4f79f-8e5c-5367-a590-80c5ba84e50e", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1874a795-c26e-5489-8ae3-f923e4070951", "id": "CVE-2024-6763", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6763 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3d3da53-6ca9-5269-84e1-c25e09297942", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:595654ac-fc19-5d6f-8710-08a316b21642", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:728ee905-78f4-520e-bd31-302c5252fecd", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d531490f-28ae-55dc-a058-d58972c0f17c", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31886c74-549a-5f02-91f4-73dce06c6cf5", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c383ff9-3f1d-5e62-993d-64e06d058b7e", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8e126e17-2163-5a2b-ad2b-a970c40a085c", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.53.v20231009-tuxcare.3" } ] }