{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a31e7242-0456-5255-b6b8-d1a3c4fc35fd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-runner", "version": "11.0.28-tuxcare.2", "purl": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a1d5f7a1-6d10-5e30-85e3-43d51a597233", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7d01891-a67a-5cb3-9a10-3e8126aa618c", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f1a19c5-08ab-5668-988e-e07b83fc7411", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be93d13f-1e01-5272-9549-19bc6f3b8f9e", "id": "CVE-2024-6763", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-6763 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6338fc57-40a7-53db-a530-a6a68c6ad9e8", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f85396ff-90a2-5a50-a0d7-2969498d6f82", "id": "CVE-2025-5115", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-5115 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0b839be-f17f-544c-bc54-8d2458250139", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:020ab66e-3212-5928-986f-db702acd3fa0", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3faaf395-44b5-5adc-ab82-ad4d083e69d3", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 11.0.28-tuxcare.2 of org.eclipse.jetty:jetty-runner." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-runner@11.0.28-tuxcare.2" } ] }