{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e2f65c47-9aa0-5f5e-afca-10585708c2d7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1", "type": "library", "group": "org.eclipse.jetty.websocket", "name": "websocket-servlet", "version": "9.4.58.v20250814-tuxcare.1", "purl": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:36671a29-75d7-5c6b-9f26-a2fda9490ae9", "id": "CVE-2020-27216", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-27216 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05a31e6d-d4ed-571a-be97-0b885a120798", "id": "CVE-2021-28169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-28169 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a1c3a27-cadc-547a-a2bd-e9af6ebb953b", "id": "CVE-2021-34428", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-34428 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:704a0e24-a303-529d-9e0c-b202fe2f48c9", "id": "CVE-2023-36478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36478 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:300bd4e0-d1e1-5921-bd3e-08b71d0f32ac", "id": "CVE-2023-36479", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-36479 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ff8a874-5fb4-52f3-b811-6b045f7b3169", "id": "CVE-2023-40167", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-40167 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d391f505-376a-5500-be74-7a2d33c889bf", "id": "CVE-2023-41900", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41900 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1502df94-68b0-5bc3-b1d0-7fd86c862ca6", "id": "CVE-2024-22201", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22201 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1074310-9e4a-5810-9fc0-b1f5e9d8f4ce", "id": "CVE-2024-6762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6762 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7444f8a5-2553-5133-b46c-033d7e5ac39b", "id": "CVE-2024-6763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6763 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:002f7310-47b6-57fd-8f9c-717358b4298e", "id": "CVE-2024-8184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-8184 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73653694-a5ac-5718-b107-63cb651d3c9e", "id": "CVE-2025-11143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-11143 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be8fcbf4-dd75-58e1-ae24-9249bfa31b13", "id": "CVE-2025-5115", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-5115 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b518ee0-f0da-536a-bd05-9186900c607c", "id": "CVE-2026-1605", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-1605 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ece75f7e-5a12-5ec0-b3e1-3c7e50734b69", "id": "CVE-2026-2332", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2332 affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:606cac8d-9e25-5096-bba7-ace3ab9373a5", "id": "CVE-2026-5795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-5795 is fixed in version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55e7d0d8-4fc7-5518-a4a7-cfdb95e3293b", "id": "GHSA-58qw-p7qm-5rvh", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-58qw-p7qm-5rvh affects version 9.4.58.v20250814-tuxcare.1 of org.eclipse.jetty.websocket:websocket-servlet." }, "affects": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.4.58.v20250814-tuxcare.1" } ] }