{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:60962fd8-a340-5c3d-9337-9a085f92696c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-properties-migrator", "version": "2.7.18.tuxcare.5", "purl": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:131d0ce2-0c5e-5cb7-a90e-3da9c0c50fb9", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2ea974ef-5199-5784-a84c-bb1da009439a", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:44a03fc5-fc77-5cfe-bd3c-1f9354edae2a", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f32ebdc1-2fbe-5b70-9b04-811cd40ebb7d", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b8ba8f2-7784-550a-94be-c449f4e9b2eb", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2aa71a8e-e245-53bf-80ed-a605ed81cf4b", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:06f949f6-4f70-5aea-b1e0-b4f2aa6cf8fa", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:66ea460a-cdb9-529e-bb27-60ca0425f0d2", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:139ff064-38cd-5c74-be44-799ed944b968", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:650203c1-b5ad-5803-892a-f5f9a98edcfc", "id": "CVE-2026-40992", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-40992 does not affect version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator. not_affected \u2014 Spring Boot 2.7.18 is NOT AFFECTED by CVE-2026-40992. The vulnerability exists in the SSL auto-configuration feature (spring.mail.ssl.*) introduced in Spring Boot 3.4+/3.5+/4.0+, which does not exist in version 2.7.18. The target version uses a simpler architecture where all SSL configuration is manual via spring.mail.properties.*, and the auto-configuration does not handle SSL at all." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eea6602e-0e52-5172-8946-b64816166fd2", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-properties-migrator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-properties-migrator@2.7.18.tuxcare.5" } ] }