{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a90d0c3e-4d32-53c8-89d0-a1386dccfcb6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-hpack", "version": "9.4.48.v20220622-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:972a7585-fd16-55cf-a196-e08b972b7329", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b30f910a-44ff-5cdf-be0b-2746bee6e9ea", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1561d29f-25ad-5cb1-8b6c-2506c0934b3c", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54a08f75-a409-5045-9e5d-da6b39c381ca", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:446cf570-41f2-5c5b-95c7-383fd77658dc", "id": "CVE-2023-26049", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26049 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e4d9475-0076-5237-beb1-b42213aea8f8", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00ab377a-c9ee-5231-85a9-b176a2c36138", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f636fd67-5122-53a9-b30f-21001e155942", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04b1ff38-53b9-5bcf-b0b2-b31602160665", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8cd3767-b8bf-5f23-9d82-fdb6bbc92b9c", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29fa53db-ec49-578e-aa8d-c12bbe46b062", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4582132a-8a0e-5404-a69a-06a173550677", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3234eb99-8852-5e5d-afc6-16bc3e72f32a", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2880192c-a9e0-547f-9792-5899e7de6839", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8f7b812-54ec-50b9-9b81-f35c77747461", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93d5551a-bfc8-5f2a-af6b-b90e08e228bc", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99c7c79b-c536-5c53-8902-25b71b91ce73", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3671c75f-05d2-5bac-b546-b4630b6afd45", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0723eac5-0632-5970-8adf-4ae9e38cf6ba", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cd4f969-d7e1-596a-9930-414e36be698a", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2145b0fe-fa1b-5348-9b3e-81208a800a44", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.http2:http2-hpack." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.48.v20220622-tuxcare.1" } ] }