{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3f205d1b-9468-5e3f-ad93-7344cbc789cc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-elasticsearch", "version": "2.7.16-tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bb6b62f4-3a2b-5736-a959-b9ca880bafd5", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e69ef0f0-7f3a-5206-ae53-e1fa95b4dc0e", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b88e9169-6867-5844-9685-ff5f781c1689", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f54503fa-aa7a-56f2-a232-7ddff5b2928a", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65df22f1-fff7-5391-ba6a-1fa7a684e4e5", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55ce0032-2105-5590-8a51-654ffba00fd9", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8400eb29-687e-5ee6-b1d4-af6b4e8f5997", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f750ec1e-5095-5a4d-bb28-0a35bd682d66", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:115aeb3f-5326-562a-b7a5-715c9f9af4c4", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c79cff1-532f-5d66-8781-65d48c3f4a2e", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98df1e3a-ef2d-5b13-b4e8-05e25c276932", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1eb1019-bd4f-5d38-8dba-df0ed41362fc", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.7.16-tuxcare.2" } ] }