{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cf838cd4-5dfd-5f0a-8cdc-8a3cdf69a5b8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-actuator", "version": "2.4.6.tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d4f8ef22-2000-54ed-8616-13239328f37c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a1aedc3-cdd7-587f-af0b-0b7f9ede093c", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:696f6120-43ee-5505-911c-decf340ca98c", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3102bbf7-70af-57ea-b54d-6fe38ef2649a", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ebfe484-cec5-59e5-a863-d62a8425d5bc", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b261c770-f8ea-5c25-b171-4bb719f6c7f0", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1620d888-915f-57d3-b993-52530183d5d9", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:434f0ebc-8f1e-5d0e-8da2-50562cd37c82", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:beab36a7-68b4-534a-b28a-e1d2be87199a", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d1a6b09-8c5c-5a12-92fe-ea48d0cd6823", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22b7a00b-7c70-58a2-8410-3e00d817d674", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51afe03c-67c5-561c-b1a4-8e4200df505a", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f27ab1e-02f4-5662-9baa-066fc97ee181", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.4.6.tuxcare.2" } ] }