{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:76a0e7cb-763c-576b-832e-299d1d599a60", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-http-client-transport", "version": "9.4.53.v20231009-tuxcare.3", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:34354cd9-ed77-552e-a150-ba936cfa8a5a", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70e99086-f3d7-5be5-8326-d05acf6cd85a", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d20dd7d-a5d2-54dd-a427-42840771218f", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a8d53bc-6f1b-5792-9d40-42fc4b6517cb", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b793842-10d3-597f-8c16-36bc082e788c", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c72d260e-7e04-56c9-bb8f-2ae858a3882f", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abee3078-d40a-5e08-8387-2d8e82784e4f", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81f97660-a83a-5f8c-9c55-d704e8471979", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aeabb2e1-ef51-5f15-8da1-09d545cf7ddf", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76567b44-5324-526f-a059-147c57b194fa", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99d5f26c-fd96-5d50-9474-7e29491fc904", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4aee6330-ca93-5704-809b-fb9c84933c89", "id": "CVE-2024-6763", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6763 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d255da5-56a5-5aac-a45d-1fa304de7ae4", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:778c67d7-25c5-5859-b0b0-90a383517e62", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7fdfdf3d-9ea3-5bb4-823e-c3d8569d3b98", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:397dbcea-dc4f-57e7-97e4-1b34fe4eed13", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e37ec551-77f2-5cd0-90ca-f51552c6ef8b", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bfdab98-0634-55bd-addd-80cdbd1790cf", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6f04e11-1ef1-5b3b-ac34-83f95f44b9fe", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty.http2:http2-http-client-transport." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.53.v20231009-tuxcare.3" } ] }