{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6e23ce73-2909-5314-81d7-2a697b04a269", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-http", "version": "9.4.24.v20191120-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1f2f5359-0233-5b19-b353-14960fdec8a8", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc2bf962-7a96-5f0b-9a72-ba670c7f96e9", "id": "CVE-2020-27218", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27218 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1eccfaaa-2473-5954-b9b2-f7d45e42b702", "id": "CVE-2020-27223", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27223 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:425f1f6a-aaaf-5db8-8fbb-53d58121ce54", "id": "CVE-2021-28165", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28165 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b192044-ae2c-5f81-aa92-98e88dcb62e9", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf0bfe67-702e-517c-a851-9555ef34862e", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69f2dde6-2efe-587f-b6b5-c202ea86c1ca", "id": "CVE-2022-2047", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-2047 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8355213d-068f-5e27-9a9b-d83f3074c316", "id": "CVE-2022-2048", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-2048 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7853a272-cf86-5eb3-a7f0-e1cefbe46a69", "id": "CVE-2023-26048", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26048 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5894c46f-63ca-5428-99cf-6e428c92b420", "id": "CVE-2023-26049", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26049 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e906dc3-8c9c-5023-9ad0-5973e9eb47de", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f24268dc-de79-5b9a-978c-9af0be69d7f9", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31801ee9-03bc-5fb9-9291-a550fa6d08cd", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29a10da2-1b52-5395-8018-2580c0dda578", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42a8a8b1-2e18-55ab-b841-90310d2809ed", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41463f2d-a752-5157-b58a-124e84b716a9", "id": "CVE-2024-13009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-13009 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:628e0189-543e-5633-be7d-e1f96a739645", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff679bc3-fd83-5166-80ad-e059555c6777", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8b21f39-ecd9-5b20-9590-64370678b702", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c458f62d-998b-5106-bcde-103bbf64806a", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1ee10f7-03ed-5759-931a-c4bc367429cf", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf86d9b2-9d73-5283-a7e1-166b4a78c40d", "id": "CVE-2025-1948", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-1948 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ade847b8-cd00-579e-a583-7abb83c1cc72", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae3730fe-ee72-5274-9254-eb24d440b6f2", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.24.v20191120-tuxcare.1 of org.eclipse.jetty:jetty-http." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.24.v20191120-tuxcare.1" } ] }