{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a46acd55-7405-5a58-87a1-7c843ca932c4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2", "type": "library", "group": "org.eclipse.jetty.websocket", "name": "websocket-common", "version": "9.4.57.v20241219-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:31fbcc6a-5123-51f1-ab79-51a02838a798", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a7d2cdc-6581-5c1a-953a-ac1d9dcc75cf", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cf37e9a-32e2-5e47-9405-d59fd76f0c3c", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48f77a2d-11e4-5e5e-b676-7b76d2510785", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f29020d-5165-5bcd-bc7c-13b30c9cd816", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec950385-a2f3-52d3-ba23-ae79a6ac3541", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea6e7b9d-2bcc-5ccc-9e5a-1bee1f27c13e", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71e6bbd1-d890-559f-b530-0cf6ff5ce52f", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfc99dd0-cb1b-5441-a07e-b434ec711d85", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e3f3f3d-7f60-56f2-9f60-03caa8837c66", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:646fc49c-751d-5848-836e-3a30f3a10ea0", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b595cc4e-d0f4-5ea7-bc47-629eb5d30d92", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcf68737-e1bf-5f0e-9c7c-4de2ea3c3288", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:600bf7c0-2e2f-5cbf-b5bc-99619277500e", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d82dafc7-e9c7-593f-ba6d-362982bf3581", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e6d3e5c-8d1c-5fe3-96b7-e3e9d8b89e6d", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2a573e3-c1a6-5bf7-8d08-0d36754e46f2", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9aa8b6eb-633a-55e5-a283-be539bded826", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.2 of org.eclipse.jetty.websocket:websocket-common." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.4.57.v20241219-tuxcare.2" } ] }