{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4b3f95b3-8099-5383-99b8-2294f556d99e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-redis", "version": "2.3.6.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:62847e8d-dd65-5197-a131-ba0c5c35c337", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7433ef69-c1b9-597c-9f42-faf349c10a3a", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ee2a4fb-a546-56bb-a6f7-77224ea91fae", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53b3394f-67bc-5400-a608-6b8e9a573931", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-starter-data-redis 2.3.6.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46c7c797-7fb0-5682-9bf9-3fbdd6a1bd18", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c618d6c6-90dd-5079-83d9-818edbe74833", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0d02f9c-9064-586d-91e7-4a5ceb4f4def", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9f68aca4-ff2b-53ee-8a80-69dd04f9faa3", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d1ff1c9-0b1e-503e-9cf2-4eb217d1981a", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04798c50-a013-5f01-9ab2-3d7fd5d4223f", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bed53b1c-f5c0-5ed9-bf39-cf951aaf0c61", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78521652-f815-59c8-a589-256da3015762", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-redis." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@2.3.6.RELEASE-tuxcare.3" } ] }