{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3bd53510-78fe-539d-baf6-2bc666b68fc5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-actuator-autoconfigure", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d5ae5ed7-624e-5c9e-9fd9-dc00cca7b2a6", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea1e27e8-a435-5b13-83bb-8de253ba6b82", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3261a7c0-8c6b-544f-86fd-f6e71f5a0572", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a80768fe-8179-5875-b9fa-3b15b1c5aa6d", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dac9ae25-eee8-5a59-81a2-607b36c4dbe8", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8519c0fc-1bde-59c6-91e5-3e8f5860b30b", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6e5cd4f-f858-56b6-b87f-68352dea354d", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2291b8b3-13b7-53dd-bb7a-3ea8ea8499cf", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9168e8fe-ad66-56f3-8736-5166cf1e27a3", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec0c17f6-961e-5940-8f6a-d5b4128b0d07", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ae9447a-8f74-5c41-b6df-aa01290a09e4", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a215fb7d-4f54-58e7-870f-e8cf7cb943f8", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-actuator-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.7.16-tuxcare.3" } ] }