{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d82b31ff-00dd-5480-b434-a82d2c3aaace", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-jdbc", "version": "2.3.6.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:abb8f80a-acd0-5bce-b1c0-d5c0692d5ea5", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97db2bdc-6205-56b4-b677-a9b2b615e1ee", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5635099b-d7da-512b-97f3-7e4874c79152", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2077efbe-d287-5065-8014-cd90dafb2287", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-starter-data-jdbc 2.3.6.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3002e653-f0d1-5ef8-84d8-a657abf193f8", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b225147-ffec-5963-9306-0f97d4709908", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f925a398-65b0-5869-a31e-49c97b84a97d", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@2.3.6.RELEASE-tuxcare.1" } ] }