{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:26c1a300-bd3d-5177-acfa-359a92cc8e12", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-xml", "version": "9.4.50.v20221201-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:684660f6-ab4d-5fcb-b8cc-174a362383ca", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b27644d3-cf14-5ef9-abd9-2ceb82db4c65", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e259c066-333e-515d-aa05-265afa7c79c1", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75adfd27-cad9-5423-b8dd-7191a1ca761a", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:419f5154-bb57-50b0-ba21-1e585d87622d", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:814feaa8-cf0b-520a-905a-0e4b03c07ff8", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc0e48cd-a2e4-5c3a-9ae0-24f0eac0f696", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbcd0c83-68ba-5f52-8500-07b853daf5a8", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a92de56e-9bcc-5149-986a-999261b137da", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b54d842b-a0d7-56a4-9e8d-44df91955863", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f98728f6-a5ae-5d8b-8083-bb9270e1554c", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99ef6543-6d5d-53e3-bd94-e2b2fb3cb048", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09547622-a5c4-5177-b67f-ee79920b2859", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ccb2753a-0eec-5682-86a2-b5719700a5c6", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a56cfe57-29d5-5e11-88f0-6eab08a05594", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e56cbde-5a4d-51ce-aed5-b8dc73d47973", "id": "CVE-2024-8184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-8184 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb415269-f735-5530-9efd-13b74582097a", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bf50b61-a9d2-54a5-9160-8fc3f1f193c6", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:006b9919-43d9-52f6-990a-41ae9c108afa", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2c3f0aa-05bd-51e5-9381-0fa7c334ee02", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:225d88da-6e61-569a-9b7c-6db0103255fc", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3aa5cc2b-60a7-537f-9c7f-8feb2fbd052d", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a926e114-d395-555f-a3a9-362cc7e32639", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty:jetty-xml." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.50.v20221201-tuxcare.1" } ] }