{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:70793be1-5d0a-53ba-9955-547621a4ca99", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-web", "version": "2.4.6-tuxcare.4", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2da4cfe5-a47b-5927-a824-c509c6a61b63", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20c64c35-45e6-5c9d-8f8e-6a973276cfac", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a34176e2-b153-5886-a049-7e209bb385a6", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9950387-4d7f-55b2-9f73-57664dbf5eb5", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d4a7f591-a6aa-5d63-a668-2a8dbdaa7cab", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f704bf1f-dc36-562a-ae98-79d4704db73a", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea49f0c8-d0d8-5345-96f0-c69e554530d8", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:975949a2-968e-51b0-8ff8-c62be665ac47", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3825c54b-504b-57d5-a022-94fd899bcaca", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b9a7bf7-b794-56ea-bf76-ebb857519ff1", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b30175a8-43c0-5b75-b668-bf4ef7742918", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9399d50-f1d9-5863-8dd4-f4e4ceca1609", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98cecabf-ef20-5bc0-9e21-688457fda173", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:417f6cf9-8296-59b9-af38-ba21cfb6a9a4", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfa4efab-c5b8-5a65-9ca5-d88d8a8a5f60", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.4" } ] }