{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e4e646d6-659c-5e6b-8baa-7fc655847a52", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-rsocket", "version": "2.3.6.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bb5951e8-5b18-579a-b21f-ce402f89842c", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f85db9f4-aadc-51cc-ac49-d0178d0fda5f", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0116e728-443c-5383-944b-50d2544858a0", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a324efa-e14c-534f-9f94-6e59d4a56685", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-starter-rsocket 2.3.6.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04a7b566-e5ec-5e1d-8bf0-37d4daa7fcfa", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:378eec4f-155d-55af-88fe-7f9fd9b45767", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4a11653-0324-5cc6-bcc5-1e75a07057a8", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:651bbc81-c755-5ad9-9e8d-41fc52c0539f", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70d1e136-07c7-508d-9843-8ca0ed636996", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32e3ed4b-db30-5cbe-9121-7a233cff99a6", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a41a6ce-e284-5ce4-bc8f-3b2c1ec2cbe9", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9be6d167-0e1c-5dc6-8d62-f4f99d3c2045", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-rsocket." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-rsocket@2.3.6.RELEASE-tuxcare.3" } ] }