{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:56d96417-8e07-57b0-98a8-a4d579d684c8",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2",
      "type": "library",
      "group": "org.eclipse.jetty.websocket",
      "name": "websocket-core-client",
      "version": "11.0.28-tuxcare.2",
      "purl": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:1f9a49dd-6689-57e6-b38e-fdf52f7f9044",
      "id": "CVE-2023-36479",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-36479 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2ad3f5a6-5653-5a0a-aefb-3a9d332df5c5",
      "id": "CVE-2024-22201",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-22201 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:89da0681-1b31-5334-873f-0183a8bc9d9c",
      "id": "CVE-2024-6762",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-6762 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ba845a34-a83a-51f3-bb55-a93d41df9be8",
      "id": "CVE-2024-6763",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2024-6763 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fa71cf38-f3b2-5f77-9722-78116a40a81a",
      "id": "CVE-2024-8184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-8184 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a3cb5afd-24f2-5089-98c2-1ccdaa221eb6",
      "id": "CVE-2025-5115",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2025-5115 does not affect version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client. fix for CVE for this version has been already backported by the original developers, so this brunch is not vulnerable"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dbfb1e02-1630-582a-8682-d99fe6117de0",
      "id": "CVE-2026-1605",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-1605 affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e2a0c705-d28c-5c38-b107-d600961ade62",
      "id": "CVE-2026-5795",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-5795 is fixed in version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2a4b48c2-c10a-5690-b80d-4971a27198f1",
      "id": "GHSA-58qw-p7qm-5rvh",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 11.0.28-tuxcare.2 of org.eclipse.jetty.websocket:websocket-core-client."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-core-client@11.0.28-tuxcare.2"
    }
  ]
}