{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1aa5146c-ee2c-50f9-b3c0-3a5d1e31e48d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/com.google.protobuf/protobuf-bom@3.21.1-tuxcare.2", "type": "library", "group": "com.google.protobuf", "name": "protobuf-bom", "version": "3.21.1-tuxcare.2", "purl": "pkg:maven/com.google.protobuf/protobuf-bom@3.21.1-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d7f88818-1668-5fa9-86d4-2a0ad8d9b09d", "id": "CVE-2022-3171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-3171 affects version 3.21.1-tuxcare.2 of com.google.protobuf:protobuf-bom." }, "affects": [ { "ref": "pkg:maven/com.google.protobuf/protobuf-bom@3.21.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5799ff6e-818f-5cc6-b004-7c494beadfdd", "id": "CVE-2022-3509", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-3509 is fixed in version 3.21.1-tuxcare.2 of com.google.protobuf:protobuf-bom." }, "affects": [ { "ref": "pkg:maven/com.google.protobuf/protobuf-bom@3.21.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d591df36-481e-56c5-ac52-efd5f116d9ed", "id": "CVE-2022-3510", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-3510 affects version 3.21.1-tuxcare.2 of com.google.protobuf:protobuf-bom." }, "affects": [ { "ref": "pkg:maven/com.google.protobuf/protobuf-bom@3.21.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cc881b9-c0e4-576e-92b4-45f1ddb65565", "id": "CVE-2024-7254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-7254 is fixed in version 3.21.1-tuxcare.2 of com.google.protobuf:protobuf-bom." }, "affects": [ { "ref": "pkg:maven/com.google.protobuf/protobuf-bom@3.21.1-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/com.google.protobuf/protobuf-bom@3.21.1-tuxcare.2" } ] }