{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3db60d56-3ac6-5ffa-ae74-0b48bec71ed0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12", "type": "library", "group": "org.springframework.boot", "name": "spring-boot", "version": "2.7.18-tuxcare.12", "purl": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5ffdaffa-820d-548f-9b8f-b8d8a92b9b08", "id": "CVE-2023-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-38286 is fixed in version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:83edaa74-6f6e-5c2c-9b16-dfee22735081", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:12d51f9a-69e9-53e1-bdfb-19179266448d", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:40efdfa4-c5d6-5802-913e-0b59fd319747", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:9572c192-15f8-51ea-88d3-090e01c776f2", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:a9615dbd-4159-5071-b375-1151aeba8fd5", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:5c6eb31d-bae8-5755-afaa-41900abd5af4", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:8048b71f-94a3-5a7c-bda2-48c463460159", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6fa0ea7c-565d-5eb3-8df8-5e9eea4746d5", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18-tuxcare.12 of org.springframework.boot:spring-boot." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot@2.7.18-tuxcare.12" } ] }