{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6f168680-8e0e-5a9e-8db2-6c0194ec4e00", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-log4j2", "version": "2.7.18.tuxcare.5", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:115de1ce-f0e1-5c3b-a9e7-0942947e3e17", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7bd79a83-773b-5561-91c5-70bc19705364", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8aa2edff-6780-51a5-969e-4daee77ad303", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ac196af7-8f73-5638-a5d4-e99742714f9b", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:749df15d-55ea-57e9-90cb-3dfef3c34d0f", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:649c06e3-7c54-5fe7-9156-641deb4452f1", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8be7498d-6a9f-5fed-a33c-2463bcdb034f", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d88bbf7-0a53-51e9-9096-19f653c19adc", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e26f7a43-c63f-5b93-b926-d9746781bc9d", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.5" } ] }