{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0e07b319-60ee-554f-94dc-4e281427562e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-web", "version": "2.4.6-tuxcare.5", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:71685ae2-da8f-54f0-a0b2-736d70db3261", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:32de52ce-3c92-5bf6-a9ae-fc800c6757cb", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:96ace726-bad1-5b52-9cf9-a519de65fbec", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a1f3402-a3fd-5d89-a75f-539f17d83478", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:79303a8a-267d-5ead-ab8b-5fd2ade7e3e6", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:071fccff-5fbf-5703-8a01-7c2313d8a942", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7c04d25-1a1b-5eac-8ddf-fc4dade82c6e", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:12f27777-6edd-5d7e-9285-f29b1a6d9ae3", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bfeffa7d-ae9c-51ba-b355-c74b21b893eb", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:07b4a41b-66a6-5c06-8442-6a88c1adcec3", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9696d4a6-cd3f-5dc3-9625-68b50e929ad3", "id": "CVE-2026-40974", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40974 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:db4555a9-a765-599a-bd57-cd930cdd2cc7", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a275ec66-c962-56c6-88fe-cface297df9d", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71f0e8f0-2c38-525f-b934-79c12cbe8450", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b1b01003-77da-5fef-8867-79249ba6e76d", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.4.6-tuxcare.5 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.4.6-tuxcare.5" } ] }