{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cc47bcc8-334f-5f83-a2a8-431119a9a180", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-configuration-processor", "version": "2.7.16-tuxcare.4", "purl": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:877a273f-1e8d-522f-887e-d0c8ccc197dd", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f80e8274-fbf0-5c6b-803a-ffd977da4802", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f190e2ff-6a8e-523a-8f5f-9b92149d1d73", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:608bb67c-cad5-5658-ba7a-77fc33c4025a", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:681c64e5-30d1-5c07-8a31-4dafde7fe442", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2f2ccd4-e9d5-5eee-808e-61e774570379", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3179da0-0215-529c-98b8-51fd82a620ca", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd6244f4-e25a-551a-8be3-7082beeef920", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e2fc6f0-e442-5cc3-84fb-e3423323b30b", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2dd62267-cc61-5b4d-bbf1-1915d4b33e79", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1c90303-41d4-597f-8d5e-87ebb45feae0", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3dcbd33-f47d-51c5-b818-6648c8b5692e", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.16-tuxcare.4" } ] }