{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e4803ddf-1247-576d-9b07-e088fb2de8b4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-configuration-processor", "version": "2.3.6.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8c557937-93b5-5edc-ad49-3e5154ed83ef", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91d4c602-247d-52a2-9d89-4a6b5514be0e", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:553ca342-cfe4-5b32-bc66-cf511a014774", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7678a80a-6a9a-5a7b-9af0-43d297c14f19", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-configuration-processor 2.3.6.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c284d43-6282-53c0-bd15-58830245d11d", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0df60a6-f34d-5edb-9713-29b870a2afef", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09daab0a-c01b-5478-a8f8-53e582ce2520", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5c26cef-7f94-5b58-aa9c-dfaa27f27e70", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:460e00d1-8cf5-5ef0-95c4-f2124277fd1b", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9cfc1c73-06cc-5673-b1ba-414ce6353c9b", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56a88efc-3044-56f3-924a-1c3b3fa806d5", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4bddb1b0-dc4e-5ec5-bdb5-6899fad45f27", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-configuration-processor." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.3.6.RELEASE-tuxcare.3" } ] }