{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:981f5c4a-d8d7-5c21-bd04-86d01fb9ff79", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare", "type": "library", "group": "drupal", "name": "core", "version": "9.5.11-p2+tuxcare", "purl": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f736d204-c8d1-5db7-a63c-7c6307fd3288", "id": "CVE-2024-12393", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-12393 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:aae3a96c-4244-55b1-bd47-284e225639c1", "id": "CVE-2024-45440", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-45440 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:95c1b94e-fcd5-5190-b566-104f3ab1ac59", "id": "CVE-2024-55634", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-55634 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:2e58c006-415f-534b-8f2c-42b5c813dc0d", "id": "CVE-2024-55636", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-55636 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:fad56877-f87a-5ced-9ffd-c760294b5a21", "id": "CVE-2024-55637", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-55637 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:b03b9935-3f7e-5838-952c-b5f26bd35a81", "id": "CVE-2024-55638", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-55638 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:73c80846-26bd-5aec-9ec2-d6642fb09a72", "id": "CVE-2025-13080", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13080 affects version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:7908016f-1e29-506d-8296-2c0375c97dc9", "id": "CVE-2025-13081", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13081 affects version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:d8bfa6c6-cda6-59ad-b9dc-6767977879b2", "id": "CVE-2025-13082", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13082 affects version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:be7c56cc-491d-59dc-9f76-0cd2135d8d16", "id": "CVE-2025-13083", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13083 affects version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:4fb74059-8447-5d53-8472-17aedfec4f70", "id": "CVE-2025-3057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-3057 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:10b35cce-34b2-5295-a694-2ede3209f8f3", "id": "CVE-2025-31673", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31673 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:0cf07b40-8b87-57b8-bffb-78be6ed30629", "id": "CVE-2025-31674", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31674 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:9b311f96-86c6-5ae0-ba96-ccaf6f59671f", "id": "CVE-2025-31675", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31675 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:d17e1b5d-70ca-5501-b433-a1b2f77ecc84", "id": "CVE-2026-6365", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-6365 is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:9840d7a6-a1ba-5834-88ef-2720e71e38b4", "id": "CVE-2026-6366", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-6366 affects version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:3e1b0aff-80f5-53ed-b48d-013e993d0c3f", "id": "CVE-2026-9082", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-9082 affects version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:9b406811-6f3e-5b73-88b4-73a72b8ffcdf", "id": "GHSA-6CCV-8FGF-CJPW", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-6CCV-8FGF-CJPW is fixed in version 9.5.11-p2+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:c08b0781-95d5-5e51-a075-1b288577ea7a", "id": "GHSA-6ccv-8fgf-cjpw", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-6ccv-8fgf-cjpw does not affect version 9.5.11-p2+tuxcare of drupal/core. already_fixed \u2014 Target repository already contains the security fix for GHSA-6ccv-8fgf-cjpw. TuxCare backported the upstream patch in commit 2de76611 (PHPELSCVE-331), adding the missing NotFoundHttpException catch block to PathBasedBreadcrumbBuilder::getRequestForPath() that prevents denial-of-service attacks via crafted comment reply URLs." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:composer/drupal/core@9.5.11-p2+tuxcare" } ] }