{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9c009da9-38fd-5f06-ab37-ce64fbec62b8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-loader-tools", "version": "2.3.6.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f4bd431c-c702-57d6-845e-93617ba00426", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ecf92b4-4910-524b-b066-bcd614528430", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8837c7ab-3561-561a-89cd-918b98b70fee", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26dde098-ecec-5937-816a-25503c111ee6", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-loader-tools 2.3.6.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb81fb0d-c72b-560c-b2f0-6729890ab961", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4bc5fc41-78b4-529e-9db7-76f79c4964e9", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac6cc245-b17e-52ed-bc31-932423ba9448", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:015414ae-01f8-52ca-be02-1c5103c1e7db", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e55e603-df21-5969-9070-d4c2959dc4bd", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9825219b-3cd4-5939-b469-954ac0bde4fe", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:081656e5-f301-5684-bbf8-6c45c78232c9", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82ee5ac9-76f9-5d67-b282-e2e8b7c8c147", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-loader-tools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader-tools@2.3.6.RELEASE-tuxcare.3" } ] }