{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c7199732-d680-5230-885e-425e6e6a4fcd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.websocket", "name": "websocket-server", "version": "9.4.57.v20241219-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4b6e4d0d-16c1-5a8c-912a-daf4ccbaa0ee", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0329aaf0-4974-5672-a7c9-cba7de06fcde", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86c3b3f1-5145-5bb8-85ef-ea63f316add0", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2a811d0-bee7-5e8b-919f-8afc39628888", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fca24c94-9a77-5168-9b08-9e34a4f23202", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3d66b85-2206-58ad-903a-24951e682204", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af95228d-e517-54a7-a22e-7f9321260f56", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba937348-9062-5ae2-a0cb-ac5cc3f59157", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bffd2cf-f1a8-5482-b477-a06f4a4859e0", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc1cc8e6-c2a1-5ec4-98ee-9e115662eef3", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3406cc99-79f7-5c57-8b7e-312cde1c362c", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e81ae0f7-f591-5aa8-8f16-2e93d7508d56", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5817b41-c462-54a8-af3c-a9e710c18b87", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76733be7-f861-5fa3-bb46-f1c6331d26ab", "id": "CVE-2025-5115", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-5115 is fixed in version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1fb00935-fefc-533e-9b86-92560b065d6e", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d338e8eb-295b-560f-8791-5db352fb92dd", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8db9476a-4fbb-50c2-855a-576f632e6683", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:beed184e-8fd5-588c-b768-bf0e7f36e1e1", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.57.v20241219-tuxcare.1 of org.eclipse.jetty.websocket:websocket-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.4.57.v20241219-tuxcare.1" } ] }