{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5c3d3f8c-76eb-5161-b036-b20c1f0f99eb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-layout-template-json", "version": "2.22.1-tuxcare.2", "purl": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d18fa100-547b-54eb-b73f-ea7f34c09b22", "id": "CVE-2014-8180", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-8180 is a false positive for org.apache.logging.log4j:log4j-layout-template-json 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f15a8171-fae9-5995-8472-8bb807bb0177", "id": "CVE-2016-6494", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2016-6494 is a false positive for org.apache.logging.log4j:log4j-layout-template-json 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4abd42a7-8c5b-529c-b9c8-a2d39ff51afa", "id": "CVE-2021-32036", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-32036 is a false positive for org.apache.logging.log4j:log4j-layout-template-json 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c154dacf-734a-50fc-bdff-d54ee5e0eef1", "id": "CVE-2021-38295", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-38295 is a false positive for org.apache.logging.log4j:log4j-layout-template-json 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7773ec19-3ac9-54a3-bdf8-e87a079d3604", "id": "CVE-2022-24706", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-24706 is a false positive for org.apache.logging.log4j:log4j-layout-template-json 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00742ecf-d9a2-5bc5-a9ba-a48e64ef2311", "id": "CVE-2023-26268", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-26268 is a false positive for org.apache.logging.log4j:log4j-layout-template-json 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5308f74-c87f-54d4-8561-8e3571cbf3bb", "id": "CVE-2023-45725", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-45725 is a false positive for org.apache.logging.log4j:log4j-layout-template-json 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76eaaf71-95f7-56a7-aaaa-9e40630fe917", "id": "CVE-2025-68161", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-68161 is fixed in version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e777851-52e4-5f8c-825f-88524fd4d5a8", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78311b21-c79b-5210-b1ec-07921fa13eb3", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b4268c5-1e41-5640-ba29-611ab3323125", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75a1569e-a8e6-50af-a620-b1e9559459d7", "id": "CVE-2026-34481", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34481 is fixed in version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.2" } ] }