{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:712e640d-72e3-50b1-82e4-7b799aba3de3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-devtools", "version": "2.4.6-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:71b64fe8-168c-571a-b737-582a3948cf2d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:067caff5-75c9-58ea-a31b-e5de73f32f46", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bd516ab-6b0a-528c-aa9d-b6cd413c914b", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:87f1c9f3-8959-5341-97da-fba1481d72aa", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:424ce59a-92ae-524d-8695-e39140e36a00", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04f211d0-a8a1-5e7e-b211-7c904c1d9965", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51720465-0b8c-5075-a0bb-c4cd3211dc8b", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0e7c748-9b77-5004-aa91-8ebeeb642ce7", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79fc32ce-f852-5fb0-9474-74c591d3f5d1", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94a476c5-be77-5b93-bf29-df342d9e6c55", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f700391d-416e-506c-8538-20df365afded", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fcc7e5d5-d1fd-55b0-a206-704a5b30c248", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f60c9b1d-ade9-57d0-abdc-c9b684083f31", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd0d30c8-7dd7-5088-bc65-3a81c07ddef1", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfa5b93a-7e35-56dd-80f2-9d2446a16dae", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.4.6-tuxcare.3" } ] }