{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:edf6380a-bd6f-50bd-aa18-eef70295b450", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-freemarker", "version": "2.7.18.tuxcare", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1f761cdf-7f23-58d2-9ec1-c491739d39d8", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:636336cc-0b3f-56d2-ab3b-57130fd90185", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:e4cd9bca-a2e8-518f-929b-b3720c652faf", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:555ab180-e1b0-53af-88eb-81dc7062f981", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:f9f13465-9926-5e5d-b76e-64c8e7702558", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:b5907645-8f0f-5d22-86a6-eb8e0d2fb4e5", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:d54d4a7e-394b-5631-9d16-353fe3c50dfa", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:1de0fc5c-c3b7-5c63-b8ee-9db7855e2c41", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:0df5cfdf-ad7b-595f-9c55-c9026276564a", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-starter-freemarker." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-freemarker@2.7.18.tuxcare" } ] }