{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:43a3e41e-112b-51c7-87b2-5ee36385f766", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.http2", "name": "http2-parent", "version": "9.4.50.v20221201-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:298413a3-eabe-5d8b-a0d5-922955686148", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b4b06d1-3c94-5ed5-91a7-8227fbe284fa", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f914704-ddd9-5db4-bfa2-7e0bc2e53700", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33d16c5d-090a-5f84-aa62-ff2c4669b34b", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02492582-63c9-551a-a819-881e2c4b46a7", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44a5f370-a180-571a-ba91-760e67e250ef", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac15e86f-3c74-58aa-b76e-7bbacd134bd1", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f75a9d9-dadd-5cb5-86b4-cf83bb6a973f", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2164a3b7-c8be-5ff3-8731-46e2776f5300", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:806787a5-b964-5b6d-ac25-37b272b877e2", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c77971ce-1de9-5432-a7ae-9521dd526f36", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62891a49-b911-5dc9-bf26-ec9230e781ea", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17f60ccb-c3a1-5add-a4ad-b1662a9852f5", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a67ef55-9cda-5324-a398-155a69451e53", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66101a70-7695-5b21-b4e3-d72e8caf58c6", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2baf45b-85a4-545c-8952-b8134c3ab5fa", "id": "CVE-2024-8184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-8184 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:127c3c3d-c689-585c-9006-d1784f98bce5", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58a5533c-4619-543f-b1be-4e26ba785e07", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6cacb9e-6f4f-58db-943f-8f65b00f48f0", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:940f16ba-40a2-52a8-925a-4464365ac847", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d47499a-b2c1-54e9-9f5f-d60e2e1aaca3", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:808f4699-d468-5d4b-880b-21853ef7f11e", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30e82787-f0b1-5ca8-bb4b-029edc379e06", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.http2:http2-parent." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.http2/http2-parent@9.4.50.v20221201-tuxcare.1" } ] }