{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4a930a71-f4a7-5a15-b9be-ec1a1c7d667c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-http-client-transport", "version": "9.4.53.v20231009-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f8155497-566c-5660-919e-7edae79e08b5", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ae4a2df-cdc9-5ba6-bf86-d454097031c6", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7dced26d-976e-5a5a-98c2-31bb500ef5b9", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1385e98-d4a5-544e-872b-dcbc1285a581", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9843cbb0-8169-54c2-9636-b4e12e3c768f", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88619b58-8f9b-56aa-b6ca-af0bd4bdbdfb", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43c52448-3a3f-5a45-96a5-d442a0540dc3", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1840cb55-a1a7-5f2d-b123-37a629a0357d", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ea15a26-dd4d-5d26-9469-5dfa1c7029d0", "id": "CVE-2024-13009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-13009 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a6802e8-a76b-51b4-a74b-8cc932faa2e5", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa9e5bf4-a3f1-5b72-97ce-2f6888b9d380", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdd0c8aa-21c8-520f-b96a-b4347e3dba41", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65d54a0c-c67a-5062-ac59-dc3591bb8da6", "id": "CVE-2024-9823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-9823 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79482a23-95ef-59d2-83aa-6142a1131ecb", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adddcf9d-bd33-5fdf-82ae-0cd0ba0e5fdd", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40d92cb0-362b-527d-8902-a9605ae524ed", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1edcad5d-6fc9-5c28-9ae4-3d1cc002c754", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b94da7c9-aa5c-5f1d-972a-85bfebd56255", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b95bff30-5b5e-5181-80e6-c418664422f3", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.1 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.1" } ] }