{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:45ad49e7-7ae2-5542-8a79-bf4032119a44", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-openjdk8-client", "version": "9.4.53.v20231009-tuxcare.3", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1c408f1b-9eef-5e2d-8351-576fd14c5b51", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:87de816a-c4f6-5071-8a7f-031714a15bde", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f858df87-a89e-5829-ba04-48081499bb0d", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:804c7886-c490-57e4-aea5-ae13c1f7b694", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6911478d-b52c-5542-9973-8821bbf114fd", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a95f05a2-a1ed-563f-b78b-eff7baa5a0f4", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb90c8a5-3bc7-559c-84f0-fc02b416998b", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e65e3d0a-07fa-502a-b83a-68f4614e1114", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c03210b8-10ce-5a6b-bb9c-63dd8920999a", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2309f94a-fca5-579d-96c8-fb69184d8808", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:22f51461-4351-5ed4-a188-3c964e95666b", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:507e3650-dbc9-5036-8f6d-1555a36ec2dd", "id": "CVE-2024-6763", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6763 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e96068ed-38f7-573d-b243-1eded4277312", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:003347dd-8aeb-5f69-b365-d559c5ef9768", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7070df51-a73a-5423-a347-8fa646ea1672", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6154a188-f9b7-5d79-8de4-9f20aa548d2a", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f876a0e8-086f-56d8-8861-377d1dd44983", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c0e9026f-0f98-56aa-8f72-2b57b7c674db", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4392d00-0178-5386-91ee-5f0cd51a622d", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.53.v20231009-tuxcare.3 of org.eclipse.jetty:jetty-alpn-openjdk8-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-client@9.4.53.v20231009-tuxcare.3" } ] }