{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c3d1a613-c7a9-5952-9032-8fdfaada1f98", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-configuration-metadata", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:03b13563-ad58-5f64-b965-eb293a684a85", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74842f96-c6e4-5099-a8ca-d260a4620e3b", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5895f25-8078-5caf-84b1-d764b15b103c", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3724007f-bf0d-524a-bde3-e7ddf887e004", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0441127b-b62e-5e79-b5f2-633f182ba834", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac1013aa-91e7-5cf8-931c-6a8c77470aed", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0aaff18d-7c2e-56dd-b259-4bdd976cb5a2", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a52d877-929d-5f1e-a2db-ba78e2e254ca", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31894b08-0918-5b47-b46b-4ada4f485284", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:336040df-297c-595d-91ca-67e8084de8a3", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0baa51b-9f3c-50e0-8bcf-d6dc4b45eaae", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84bf347d-96f2-5001-923e-1c9a94b61c5d", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-configuration-metadata." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-metadata@2.7.16-tuxcare.3" } ] }