{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:51f5c070-433d-5a8e-a0f3-6d0d4ee31798", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-jarmode-layertools", "version": "2.3.6.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f27ea66d-1d04-5544-9fdc-97643dadd1f8", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94d921c7-4159-5443-8f52-3b5f7e1c7186", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8625ebd4-e3e5-5053-b4f0-263c58368a72", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14e380f7-6341-53e3-9826-49eaf6e1506f", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-jarmode-layertools 2.3.6.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e73f7892-0ded-5267-b9bc-4d4ffe9058bd", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73c0d036-b7fe-538c-a6d4-bcd92b973e2f", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0574ab0-fb0b-5a23-a4f5-d280df5a1552", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c78e63e-cf4b-51f3-be1e-1db425aec81f", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e0d32b0-3bf6-5fab-a1fe-8e9c57b76d2f", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24f55c48-d822-583a-9a7f-f3095fcda260", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bda60cf2-8272-5f9a-a03e-effc9f7c56b1", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:341829a7-bee1-59a1-b264-e721e3c91fda", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-jarmode-layertools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-jarmode-layertools@2.3.6.RELEASE-tuxcare.3" } ] }