{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7ffd304d-d643-57e1-8d37-4329607d0e99", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.websocket", "name": "websocket-servlet", "version": "9.4.48.v20220622-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e552aac7-3cdb-58ae-b021-8026d657f5ee", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7dfbdb5e-7075-586a-bf74-bd8fb395726d", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c7fa029-b569-5aa9-94dc-6af57abd6a61", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e7394dd-19a5-56e5-b6a9-c1c741e2fcea", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff1334c9-51ab-5045-b615-0448f83f4b7c", "id": "CVE-2023-26049", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26049 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46b1d747-609f-5195-9f0d-fd501effc171", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3626ea40-9fa5-5940-908c-72eb93a828dd", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17a6c18e-80cb-56c3-95da-cdc6b758d616", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec884b1a-43db-5a85-91e4-50549872edba", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ee6c640-f1d4-5bba-9875-6b8aeafa7289", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c6adc64-4239-5806-aa01-b837e6d45fba", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ecd859a-45b7-5780-9bed-9d4fcae6dc78", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea2e4697-60c5-565b-aa35-b44630de2494", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42508944-988d-529e-b17f-5e71c386f7a7", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72254f2b-aec1-5019-8366-60390c987962", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e51d61a8-04e6-5830-9027-ba9e185a60f5", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78755a68-7c6b-5c85-a4a8-60421a74727a", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:514df360-6731-538a-a7f9-dc83feb1f419", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9317036f-0cf9-5218-b691-73ec07dba5c8", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4703a417-5858-5173-a4d6-ced10b0f33a5", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bd2796c-0fd4-5bfc-8c82-d18d3b232e6e", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.48.v20220622-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.48.v20220622-tuxcare.1" } ] }