{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c31e1eea-94ef-5bc2-bb52-6c00f52b8b32", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-hateoas", "version": "2.7.18-tuxcare.15", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e34f1241-730f-5895-8fe0-94b15aa69ef7", "id": "CVE-2023-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-38286 is fixed in version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:ffffc841-67b8-570d-bc12-383bb8800244", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:44243036-973c-59e1-a6b1-d009500c2175", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:696bb436-2473-5958-a2db-c1e0729543ac", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:d2c5a08a-5c5c-5b33-b645-28fa0c912461", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:f74ce01c-7317-57fb-b5fb-1d8aea3703f5", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:ba11764a-a898-5b78-932c-ec728e30a0f5", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:5f7c3f66-6cd7-5e2f-a460-4bc5df3cedd6", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:42b4f4b4-d249-5392-bb35-4e6d9e91e73a", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:7edec048-bce0-540d-b67e-ca7aae2cdcfd", "id": "CVE-2026-40992", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-40992 does not affect version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas. not_affected \u2014 Spring Boot 2.7.18 is NOT AFFECTED by CVE-2026-40992. The vulnerability exists in the SSL auto-configuration feature (spring.mail.ssl.*) introduced in Spring Boot 3.4+/3.5+/4.0+, which does not exist in version 2.7.18. The target version uses a simpler architecture where all SSL configuration is manual via spring.mail.properties.*, and the auto-configuration does not handle SSL at all." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }, { "bom-ref": "urn:uuid:4bd8ac64-bdad-587b-b3cd-64d692dab221", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.18-tuxcare.15 of org.springframework.boot:spring-boot-starter-hateoas." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-hateoas@2.7.18-tuxcare.15" } ] }