{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8a08aa9f-f043-5eef-bb75-3e192d261afc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "apache-jsp", "version": "9.4.48.v20220622-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7f752fdf-319b-5e39-b2c8-9adc0a1e867f", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf5d4ebf-b274-5ff7-86e7-c3126c8f84ad", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c69bc07c-ea6e-5376-b090-98bced4df81c", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e09e8c64-abda-5326-a812-656048e1c1c8", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6219c55-c6e6-57c5-89d7-1a5fc5ca0848", "id": "CVE-2023-26049", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26049 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6eb74794-508d-5218-8fa8-83d0759d6c56", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8c15823-8a42-5c0e-b168-3e456af62c79", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11ab1f30-ef63-5753-b368-d47c454fcfea", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1921cdc3-2700-560a-9d10-d1ac378f1173", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9dded81f-e6dc-5e3e-a01c-6bfeeae4fbe1", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:618d82b1-e24d-5967-a274-4d18ce26c4ae", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e65a717-2146-55dc-976a-e5b1bf4aa754", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c41b01b-b725-531a-a462-995e48ae5832", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2d3c4be-579b-55b7-b027-cb333e0d9305", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d21c3a8-e491-571f-8863-2ecd39782666", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4098dfd8-0502-58d5-adf1-5abe173a5318", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23528c40-09cf-571e-9deb-483cd19cafa6", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd3d9192-a910-58da-b424-1d00bce70bf7", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:362d4a8e-fa09-5772-aba1-4703f49404a8", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df54a0ed-813b-59e6-b78c-cf43cc8f7eba", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a65e888-c726-5428-8e26-67e26b345ba4", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:apache-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/apache-jsp@9.4.48.v20220622-tuxcare.1" } ] }