{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:43e4cfd2-d64a-5827-9c16-1186478b7a53", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-conscrypt-server", "version": "9.4.53.v20231009-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fd428001-7849-5913-a7d6-115934502d80", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9afbd2d8-6bc2-5305-a100-08be57640bab", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a26f31ce-6ab8-58dc-841c-ee8088fb2e21", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28829665-3685-5d52-ae42-241dd220d7a9", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1677984f-8cde-536a-b50b-8e3848b4cece", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af125125-afbf-5c9b-8a56-0e83dd0d67e4", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e0228f0-9470-5d01-aeb6-5bdab04ba669", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75630919-6f29-5007-9030-1e0a5b9c8570", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b861f55-9f30-54f2-ab1c-7b2eaae8528d", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b07ae4a-aaf2-5267-856b-d46e59e9fb02", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0838bb9c-fca5-521f-96da-e062e7887212", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c2fde37-6bb7-542b-9700-3a554a7e95f5", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8db0345d-2011-5afe-b384-1fc7c901938d", "id": "CVE-2024-9823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-9823 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d353014-4ebb-518f-8323-9a749d61b010", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff45cbc7-329f-5403-8477-a574351d95df", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad433796-1192-554a-870c-67c8579c395a", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:236da8b2-8216-5834-bda7-5b0d2282e15e", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe4c1a57-3ed9-5835-8320-a335e967e52c", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31340a9c-1b80-50be-8f04-3c77a90b4aad", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.2 of org.eclipse.jetty:jetty-alpn-conscrypt-server." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.53.v20231009-tuxcare.2" } ] }