{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:55f7dcdb-74c1-5bce-a575-e162d89cea33", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-web", "version": "2.3.6.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10f2c055-c9ad-5fb3-8bc2-427961780a9b", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3d97d70-e890-5328-be19-2fe18573d1c9", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4796ca63-57f7-59b6-8ba0-ed1622056514", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b87f502-2600-545a-94d3-8b1fff5f24eb", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-starter-web 2.3.6.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52a64a70-907c-5f08-a885-ed530f8be6fb", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84c45cfa-812e-51b4-ae85-a25d4398a749", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6875b034-8a63-5096-be9c-56ce235720c0", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.1 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.6.RELEASE-tuxcare.1" } ] }