{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:710b35a7-66b2-5104-8486-c571180b3190", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-log4j2", "version": "2.3.6.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9fc4f8aa-2abf-5b9c-b75e-e857aa3f3a85", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b877cc33-9236-503b-b3b3-21af579e5d8c", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b9f6891-7521-5604-819f-caa4dc495c5c", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5c7944d-b72b-5a70-a2e4-73b00549c62b", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-starter-log4j2 2.3.6.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01ebcddb-d943-5fa5-9278-5d3cd949ddda", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93af4c0e-22f3-5b93-8a8a-ac366a5ce2bc", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:921e15fe-1cea-5289-a7eb-c524ebdc313e", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1a3fb0d-4947-56e2-a8b5-b1dc83033d1c", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:557c8a27-fdd7-561d-b42b-26bbbe65afd7", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:150b5273-ba72-5512-842f-e465bf32a96e", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a615b9f-059f-5db9-a73d-306749d22628", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3650935d-2ce9-5c97-8e42-37e65eabb94f", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.3.6.RELEASE-tuxcare.3" } ] }