{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d1f5f5bf-ed94-5519-ab88-bf9ba0d3ac0d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.websocket", "name": "websocket-servlet", "version": "9.4.50.v20221201-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2c291bb5-986e-5bc9-94b3-8dfb94957bc6", "id": "CVE-2020-25711", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-25711 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d01c3ee-f8ac-5102-8f67-ceb83ef9424c", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0064478f-d723-5be2-82cd-e595b3086a6d", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d298f571-8054-5e11-a360-a6af98610357", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:895403e5-14b0-5812-a04b-fc86a4798da8", "id": "CVE-2023-26048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26048 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7ff980c-639f-5669-83c5-37c545ed20af", "id": "CVE-2023-26049", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26049 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7bcfea1-8c71-53c7-a542-d4063e8ed1ca", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:629a921b-390f-50e8-bc00-572589e23e69", "id": "CVE-2023-36479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-36479 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da91da21-2c2b-5514-a6f8-85b92fc853bf", "id": "CVE-2023-40167", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-40167 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71f2bd24-c442-5806-a88c-31bc609f5122", "id": "CVE-2023-41900", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41900 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0a4edfa-a058-52dc-b5c7-affce0c1b9c1", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38213460-07a8-53eb-8602-4e6fc178a1d2", "id": "CVE-2024-13009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-13009 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8188e050-8d54-5a9d-8da3-5b1ec0462bb4", "id": "CVE-2024-22201", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22201 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a3c45c9-1f49-5952-932d-05c28e6a4ca9", "id": "CVE-2024-6762", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-6762 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e11e463d-9186-5037-bd71-256ff989a47b", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:832f8da0-43b9-5c2d-bb75-8ea1b881d950", "id": "CVE-2024-8184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-8184 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:747a4938-6d27-541e-8812-ec395f78eb05", "id": "CVE-2024-9823", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-9823 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4ddca37-ab48-5217-ba33-7a0e2e466d1e", "id": "CVE-2025-11143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-11143 is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29a5b0a6-0a6f-5638-9710-a04883b76654", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00817d01-e905-574c-932a-c95986af9f42", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:269bea1d-967e-5aeb-a7d5-d480147f9ce7", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3e8b353-4c5c-5287-a75a-1754328b67c8", "id": "CVE-2026-5795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-5795 affects version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09ea6b81-a122-5f0b-8e79-c380a269e08b", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh is fixed in version 9.4.50.v20221201-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.50.v20221201-tuxcare.1" } ] }