{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a00eff2c-8008-5e9d-9c9c-3e69873bb616", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-hpack", "version": "9.4.53.v20231009-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:06e95d38-bd03-59d9-b520-1bafbb3513eb", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:504cde03-ccff-51d4-80b2-1259a8ca6490", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea0bce58-0112-5279-a76a-08eecfe5b367", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b45ec62-cf22-5e8f-8aa6-0c279e98e437", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85033aec-a123-5d2e-a643-ea935c24d2b3", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6ed070d-1b2e-524a-85df-e293a40003ab", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c81a6768-6c6c-5418-af76-8b8913193e93", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4475f22f-4224-5b77-893e-f1d1136f6d18", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a96539c2-6fc1-5b20-99ae-d2916955c797", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:791f5347-07aa-59f1-ab62-094abf232f2c", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c986905-acea-5118-b0b6-063e5a211f3a", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d7f1ef2-7196-5639-a2d5-1bce42bc3d62", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e81257c-cc8a-587b-ace2-56d742e78bb5", "id": "CVE-2024-9823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-9823 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab20f64d-d9bc-52b7-93e3-347e0db90f53", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f99ec88-9ade-560d-ac03-07d947dd6a80", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1648fa2a-0d79-5d49-8cb2-873eb3d7d65a", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f103813d-194d-50a5-92ce-ec3781fcfc3a", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdfc885e-faa1-56b2-9dcf-1b444614cce6", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f37c5590-0641-59d4-8bac-95877b69634a", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.53.v20231009-tuxcare.2" } ] }