{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9132c090-ae44-5e8b-9e58-c50462a7acc8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-parent", "version": "2.4.6.tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6cb09c24-b5fa-513a-9650-efe0919cce7f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fba3be45-9ffe-5dca-9118-5621138ca12c", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8623443-7e19-59bd-8cbf-9a4c27842532", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47c0fb78-a84f-5e9a-81b5-ad8911a51952", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f6068b2-2593-594d-b6ac-ff9334b6096a", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1396b0cd-93ef-5eec-a415-3d72cb9732bd", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:260594da-1f08-50b1-8bb1-6f406c8cd139", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6f8af8e-52ea-5e97-b9dd-0ac9b4770a5d", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.4.6.tuxcare.2 of org.springframework.boot:spring-boot-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-parent@2.4.6.tuxcare.2" } ] }