{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:41ba10fb-f08f-5a9e-9cf1-c9ca24e8a286", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-autoconfigure", "version": "2.7.16-tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d32f4127-d546-5e85-9d71-06c9e5324629", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cc8bc18-0eb8-5548-9d20-402ec75e68ef", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ce04df1-4a29-5c82-9c8b-d4fc35b99f2c", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:843f2aa9-3590-5cdf-9b60-93b8320a68bf", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55dbbb9b-6896-5fa5-b213-c5d33c531f96", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89c30da4-7ed7-5858-9d20-e6c42bb02d93", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60d01800-18e2-5be1-96bc-2fd474b9da64", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e715eba-f3a0-5a7b-80d8-ed847c12b487", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32b0b424-dc4e-5287-9b16-fc33cb6e37ab", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:182a1f8a-8f53-5927-bc86-a06a7e7b0b08", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db67ac44-7512-501e-a80b-85a221d0f245", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b904f864-6a48-5cd3-9b78-8a1249c9ddd5", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.16-tuxcare.2" } ] }