{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d570c693-c2a9-5d8e-b028-2ad9d609a085", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-http", "version": "8.2.0.v20160908-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:251a1462-009d-5fd5-ba16-fef4644992e7", "id": "CVE-2015-2080", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2015-2080 is a false positive for org.eclipse.jetty:jetty-http 8.2.0.v20160908-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cff03a34-1199-55e8-b3b8-c1ee401860a6", "id": "CVE-2017-7656", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2017-7656 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f635cc7-bb1a-5513-8a63-a17eb71b4055", "id": "CVE-2017-7657", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2017-7657 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67ead978-c1fa-5ab7-913d-31fcf46ac49f", "id": "CVE-2017-7658", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2017-7658 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d3ab9d0-7271-5dfc-8a75-7e07b47b9687", "id": "CVE-2017-9735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2017-9735 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c0416aa-af0c-5e2b-9fcf-40715abfc164", "id": "CVE-2018-12536", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-12536 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3589cc8a-ced5-55f3-9811-25ee86ff3e21", "id": "CVE-2018-12538", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-12538 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23d20505-bb65-5d63-845f-61c3f022148a", "id": "CVE-2018-12545", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-12545 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffa05407-b1a1-5169-b88a-bb13d35d5100", "id": "CVE-2019-10241", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-10241 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11976d63-4a8d-5043-97cb-59d3fc8d0c3d", "id": "CVE-2019-10246", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-10246 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2fa0d49-1292-5dcb-b736-dadc8eef778d", "id": "CVE-2019-10247", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2019-10247 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79097b9e-4a0d-5904-b213-55e54e1afe06", "id": "CVE-2019-17638", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-17638 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:288e2413-884f-5882-95c6-5f818f13a570", "id": "CVE-2020-27216", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-27216 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b991752b-76b4-585c-aa11-409396ce25c4", "id": "CVE-2020-27218", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27218 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e461f9e-ad0a-57d9-b022-0536aa4835c1", "id": "CVE-2021-28165", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-28165 is a false positive for org.eclipse.jetty:jetty-http 8.2.0.v20160908-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eda396b1-7b0c-5a40-88cd-d365cc78f370", "id": "CVE-2021-28169", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-28169 is a false positive for org.eclipse.jetty:jetty-http 8.2.0.v20160908-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a24fb05-3c20-5cf6-aa24-5a7e8e253dc4", "id": "CVE-2021-34428", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-34428 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35306045-5294-5e73-a18a-c6e9bdcf8a1b", "id": "CVE-2022-2047", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-2047 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c10cdd51-c8a0-5982-b79e-3eb25c5d9b36", "id": "CVE-2022-2048", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-2048 is a false positive for org.eclipse.jetty:jetty-http 8.2.0.v20160908-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2b8bd5c-3607-5149-a15a-bae8a09b88c0", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d01d381-a736-5b83-9f4d-f5f9f48271e9", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cc054a1-fd69-5e63-8a63-505ad91069aa", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c56aecd5-e711-5d2c-91f9-55274179ddc9", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d364845a-0c88-59c3-8717-89dd24002b93", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2583ced3-4785-5abe-9c19-2e211edb911b", "id": "CVE-2024-13009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-13009 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:107ceba1-91b3-5e26-a65f-457b42e931d0", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b04451b-5c53-5d23-bf7a-992498aec71b", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03f36368-9b2b-52ba-bb67-7ddcf4a70aa7", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f58dade0-cfc0-522a-b281-85ebd8f7156e", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f42cbce-077a-5707-8eba-2ee1b77afaed", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82e3fa4f-175a-5704-9b8b-0be8562f5961", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7c4c218-b4e9-5483-bb24-f190b12fe21a", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26dcb534-ea06-54b3-a313-3b4f0215e406", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 8.2.0.v20160908-tuxcare.2 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@8.2.0.v20160908-tuxcare.2" } ] }