{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f175606a-5185-5732-a16f-7b430eb44291", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-reactor-netty", "version": "2.3.6.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:07d8bd85-10ca-5de0-9b86-c12f99217829", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4526d73-613e-5a22-baac-18678b10f792", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65cdfbdd-428b-500c-9797-ed2f75537cee", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a97e3868-74d0-5d0a-99a4-1bb268809e79", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-starter-reactor-netty 2.3.6.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30f2f85e-9eb5-597c-a2b3-6288b4a82f9b", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5dcc7c29-7f70-5df8-97e1-584e33175b4d", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dea15806-226f-5e18-82dd-6505781bcdf0", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b294bec-c758-5254-a8fb-d80b3a324c1d", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce1788ee-cf76-5057-adc1-254b5bc81b76", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea5407c4-f3d7-553a-81c1-5a620aa47c40", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d388cbb-7e2f-57a5-94dd-a0b2efe9f333", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3990cf10-250a-53e5-9c76-b6f037e61841", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-reactor-netty." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@2.3.6.RELEASE-tuxcare.1" } ] }