{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:80157bb6-9da0-5c92-8cb2-f52fd2f0c595", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.xerial.snappy/snappy-java@1.1.2-tuxcare.1", "type": "library", "group": "org.xerial.snappy", "name": "snappy-java", "version": "1.1.2-tuxcare.1", "purl": "pkg:maven/org.xerial.snappy/snappy-java@1.1.2-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:745018cf-561a-5dc4-862c-1c26e4979c88", "id": "CVE-2023-34453", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34453 affects version 1.1.2-tuxcare.1 of org.xerial.snappy:snappy-java." }, "affects": [ { "ref": "pkg:maven/org.xerial.snappy/snappy-java@1.1.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6f348f9-efd8-51aa-9ddf-31d0906d49b4", "id": "CVE-2023-34454", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34454 affects version 1.1.2-tuxcare.1 of org.xerial.snappy:snappy-java." }, "affects": [ { "ref": "pkg:maven/org.xerial.snappy/snappy-java@1.1.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26c93b43-425b-5f18-bd4e-6e4bcfc9209d", "id": "CVE-2023-34455", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34455 is fixed in version 1.1.2-tuxcare.1 of org.xerial.snappy:snappy-java." }, "affects": [ { "ref": "pkg:maven/org.xerial.snappy/snappy-java@1.1.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:690d1840-94fb-5400-ba8b-c9a54fae7064", "id": "CVE-2023-43642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-43642 affects version 1.1.2-tuxcare.1 of org.xerial.snappy:snappy-java." }, "affects": [ { "ref": "pkg:maven/org.xerial.snappy/snappy-java@1.1.2-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.xerial.snappy/snappy-java@1.1.2-tuxcare.1" } ] }