{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0a2e425b-b8a9-5929-ab5d-cc934ff61b9f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot", "version": "2.4.6-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ec741ae3-5389-50ba-8149-6a5eb87fa3ac", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55b3ce1c-2e9f-5548-8f24-3a665124b2fd", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a51b97c-01aa-51da-88a6-2c0cf3f24fc1", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea49994b-9d1a-5f35-bdd8-f137b2822621", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:afd6547e-8755-544b-9cac-ff1109266003", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:723028ef-fb1c-5b1a-9b39-11f383db3f69", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7816aa39-683c-5059-be8c-029e6a10e70a", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:568acf57-a70e-5473-bfa6-c4777c91a248", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b2dd853-196c-50a5-ac6f-301143c48719", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f823eb68-b42b-5977-869d-86caea5d29ac", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:381cecb2-f83a-5fc9-9b69-f8dc3420ebdd", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:187045a7-a527-56c2-94e9-399c2d436e5d", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a61cb47-e742-5728-8186-768323e429ab", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:882e9e2a-8d87-54c9-bd32-1dba0c28da1d", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c98ebda-85a7-5eab-81c4-4cd4217b07d2", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.4.6-tuxcare.3" } ] }