{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:94f2c650-31bf-5685-88cb-73f766bcfcbb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-http2", "version": "4.1.63.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b01e1a59-4a4c-569f-9574-a626c7f79a4b", "id": "CVE-2021-37136", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37136 is fixed in version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1240cc66-45e7-56eb-9edc-a588374a38af", "id": "CVE-2021-37137", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37137 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88f711d1-9c11-58d9-bb75-fedbc7b9da1b", "id": "CVE-2021-43797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-43797 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32e8d1bc-42d5-5a4e-ab4e-62cd9e48d098", "id": "CVE-2022-24823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24823 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43dcd51d-8f9e-5718-8df6-1f6fafac4ebb", "id": "CVE-2022-41881", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41881 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c460b02-af5c-5d7f-9808-7fd2d43b58f1", "id": "CVE-2022-41915", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41915 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ecdcc77-b984-5997-96c6-48041f3151c7", "id": "CVE-2023-34462", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34462 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee3b6c31-9b35-5af2-bc6e-0edbcc873c25", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:faf0f969-5891-554b-b3ac-e6b0ddf4675d", "id": "CVE-2023-4586", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-4586 is a false positive for io.netty:netty-codec-http2 4.1.63.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bcc5d5c9-94c8-53dd-be30-3c6b7371d0a7", "id": "CVE-2024-29025", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29025 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d48a4c7-a208-5bbd-acf1-90eaec156ce4", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1414229-1674-5cff-9fad-13db7befd7b0", "id": "CVE-2025-24970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24970 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7a751dd-d13b-52b8-9c86-e52c9834b9ea", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:283894e0-b895-5e20-ab48-770a4be40e87", "id": "CVE-2025-55163", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55163 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b19fec6a-8167-56cd-be6c-1c9e892df139", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f18b40e9-6380-5d69-801f-b5f1ef0b16ff", "id": "CVE-2025-58057", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58057 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82586e48-3d44-5818-9af9-f5469ce4c85d", "id": "CVE-2025-59419", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59419 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c613773-6372-5671-bf19-b758de2d47b3", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98abb322-657f-5b72-a9c6-cf30f535e968", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88642f7b-71e2-5a2f-a648-356e65946b34", "id": "CVE-2026-33871", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33871 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16d028c0-099d-5425-85e8-d496219618f8", "id": "CVE-2026-41417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41417 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc155180-1a87-5aba-9810-f359c6aa89bf", "id": "CVE-2026-42577", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42577 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e050670a-8d56-5049-9159-db1eb1e2bd89", "id": "CVE-2026-42578", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42578 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e58b074d-f430-5a22-a783-d29f850baee5", "id": "CVE-2026-42579", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42579 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:440b07e3-fafc-5a8b-8945-a7d13cc64b17", "id": "CVE-2026-42580", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42580 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9bc768c-7786-5474-b409-5af1b426a4d7", "id": "CVE-2026-42581", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42581 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd05f841-b2c3-54cc-bb5e-937c16f452ce", "id": "CVE-2026-42584", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42584 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86898dcb-a9f2-5be8-89c2-2ae9653c97f2", "id": "CVE-2026-42585", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42585 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07493878-93a4-5b6d-a6ce-42ae91ce9908", "id": "CVE-2026-42586", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42586 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9619f6cd-dc6d-553e-8712-49a870a54660", "id": "CVE-2026-42587", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42587 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a1ede49-cf21-548a-9c4d-9f5808d6ad3a", "id": "CVE-2026-44248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44248 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73f51ff6-b60d-5abe-a448-dcc7824ef387", "id": "GHSA-xpw8-rcwv-8f8p", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xpw8-rcwv-8f8p affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-http2." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.63.Final-tuxcare.1" } ] }