{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6af5fb91-cc2b-5e94-9d2e-4199b066cdff", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.osgi", "name": "jetty-osgi-boot-jsp", "version": "9.4.50.v20221201-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:298dcf4d-8e4f-5fc8-86a3-822c5df423c8", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32da8ac8-5d63-5ec5-8a93-c25571ad31cb", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6d9b000-3050-5764-b988-ebc1baab50ca", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6109b442-855c-5180-8fcd-fb32f18c1813", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b4e73cc-7ed3-58d8-874b-21b3932f8c21", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87f5296e-8f81-5c60-9b91-96676367d9d8", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45be1832-f02a-59e1-850b-d03d37a24fc8", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70c2e5bc-95e0-5b7e-8be9-a8072052ba28", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eda71b9d-da98-598b-a648-7193ab3b6cd7", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a45d85f6-9b4a-5058-9332-b5e9957d2802", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c312f850-6b4f-5ffa-9f7f-5e159371eea9", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7458dcd7-3a09-58be-a60c-3ef8beaeb1a7", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fad7ec85-65be-50b1-bb94-b231129ffcfd", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2cc8f2b1-f7f2-50da-a18f-3826e5095ad5", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef5ee5ef-db21-5e5c-9ef2-ed5b1c143663", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa72aeb9-8aa1-5b5b-ac97-9ca2145a74ab", "id": "CVE-2024-8184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-8184 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2db69bfd-6ba0-5238-9037-a3e7522e9632", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab3fa688-47dd-5bd2-842e-379f51ac17a9", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c10d3e9-42b5-5abc-880d-8edbf54f56d3", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed9b4760-5d78-5dfd-97b8-12d52bc2be33", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c588288-176d-52bb-a4e2-a8fa2765e46c", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a15f0078-ba48-5751-a8c2-f82075553246", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f06e6cc-9e38-5ff3-8434-8f427fea54fb", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.osgi:jetty-osgi-boot-jsp." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.osgi/jetty-osgi-boot-jsp@9.4.50.v20221201-tuxcare.1" } ] }