{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:81da8330-02ce-5a3f-ad74-3286d47aefe9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "org.springframework.boot.gradle.plugin", "version": "2.3.6.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:803c90d6-9a26-5177-b620-7a3ab34af625", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b8281e1-4516-5dcc-98f3-94e1dd2b7349", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35cbad5e-6711-5939-ae03-63b49cfb8750", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82e9171b-3ded-5acb-8d6e-f7183cf675f6", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:org.springframework.boot.gradle.plugin 2.3.6.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3751932-fb1d-59ca-9aa1-e16343d166dc", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a2cc447-3685-55db-b265-3624c61542f4", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15aa64c3-ed73-5497-88b6-6bfefe35ba65", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:771283a0-81dd-5942-9909-eba0888c1bd7", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8eb2ed3-872d-5f52-92e4-29d9accd5b61", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8425aba0-38f6-5e56-971a-a09f9d1dc677", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f39e523-c8d6-5d8b-a22e-0613db6f99e7", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aeeba8ca-9596-5bf6-8499-399773748fde", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.3.6.RELEASE-tuxcare.3" } ] }