{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:596c5ec0-2bab-5bc8-8bb9-9e2c5ce654af", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-server", "version": "9.4.53.v20231009-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:06dedf39-1e7b-58c2-b07f-5f7f3a65b2b6", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6461e1da-aca9-51d4-b7e1-e356daa129df", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5763069-16d3-579c-9062-aa4951a41329", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2066c8e0-de1a-5d6b-853d-4e1d54999c85", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f62e58ca-8521-5b41-a461-baf2d30961f4", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8c8b21f-64e6-5209-9e41-3d167105b89e", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb27b548-c2e9-5d1f-8aaa-d8e82b430476", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27c7ca46-c245-5e47-9198-df1abdd07785", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d3b20c6-8131-5a7c-9328-87683fe458c5", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acbec35a-dbf6-5e1d-9b34-298c420a82b8", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29f0601e-bdbb-59a0-b219-e41f202d2910", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae974cb2-5664-5000-b33f-6d191ff6acf2", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c4d378e-59e4-5f9d-b417-a32be785a528", "id": "CVE-2024-9823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-9823 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33d34bad-b34f-5270-967f-32f2d81a0665", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba2e2dce-f1f8-546d-b2f1-8b414c3156a2", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c6109fc-e21f-5cc2-b48f-de5d9117a401", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4f69ae0-77dc-5bda-8897-5fe741110f9b", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:388eed45-45e4-54e3-9d8a-f277f5683f5f", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2918138e-8865-5815-9f6f-fd16cd972e96", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty.http2:http2-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.53.v20231009-tuxcare.2" } ] }