{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f382b957-6a12-5839-b121-dcff32572e21", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1", "type": "library", "group": "org.eclipse.jetty", "name": "jetty-alpn-conscrypt-client", "version": "9.4.48.v20220622-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ad56418a-070a-519e-9d41-dd54fae5bbe3", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a096116-7d27-5724-bc1f-8b36139bcce6", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:079b5c8e-4f5f-5c77-8096-29f0a8de7336", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a72441c-bc67-5f7e-847a-3b3ff373fe01", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c2b919c-7264-53a0-b1d2-3d9ef3d9e2d9", "id": "CVE-2023-26049", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26049 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50f4cd36-5084-5dfd-be4e-f47197be2fbf", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81f95d0f-9f32-5633-a03e-36dddcc427d2", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abba7370-86a6-5127-a14e-9c88a8676743", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3285b958-d9c7-5476-b2ce-26fc34e4ad65", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d27d79d-ff35-5d1c-913f-28cb9f3803e4", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd8f0b4c-7883-501e-95e8-032c52e85410", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c332d0ba-ea6a-5813-967a-a9d9bfcf4c28", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2b3ba9f-c2fd-5fe8-9232-5747b99499ca", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1346b30d-da04-59c2-bc74-1cbe960ef493", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42c24468-0ca1-5be1-b84e-7860e837328b", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3f064b4-39f4-560f-b1d2-5207c8a423ea", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:681e4090-975b-5f94-a0f9-4519993b3e43", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52429a9d-9b9a-52c6-a746-b90136f4a858", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d68a41e-e07e-5ded-831a-37919e586de9", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e93423e-ff03-5b09-a0c2-dce32ec9bbd2", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebcb001a-905f-55db-a2ad-f7393f6f41ad", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty:jetty-alpn-conscrypt-client." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.48.v20220622-tuxcare.1" } ] }