{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c942e5f9-94d3-5a6f-8da1-4c7ef5324be9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2", "type": "library", "group": "org.eclipse.jetty.osgi", "name": "test-jetty-osgi", "version": "11.0.28-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5bcabab9-6766-5910-8c97-2ce0c4844ce3", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b41db2e2-5cbb-52bb-a5db-98776363a518", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb283756-0bab-5785-ae70-0834510ca309", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e0e4bdb-eec8-52c7-b3fc-92a10ec6f361", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d125237-4672-5b94-99b5-2c0cc9e7e311", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d6eaced-d548-55cd-866f-3ba8e6502afe", "id": "CVE-2025-5115", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-5115 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb5724bc-8769-5ae8-b3aa-651cf5f9a1ee", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a813c628-5ad7-5329-bfbf-7ed6310e0f4e", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3428919-aeda-56e4-a0b9-b8584ca598d8", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.osgi:test-jetty-osgi." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/test-jetty-osgi@11.0.28-tuxcare.2" } ] }