{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:13c8e592-a200-5a6e-b13a-7f5e9902c51a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare", "type": "library", "group": "drupal", "name": "core", "version": "9.5.11-p3+tuxcare", "purl": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:13419e1f-2e6f-5faa-8f9e-00cf19891764", "id": "CVE-2024-12393", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-12393 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:0019cc2a-5eaa-582a-8069-0a38f89aa625", "id": "CVE-2024-45440", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-45440 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:644b2c50-0d91-5813-ad9f-25652f01c6fc", "id": "CVE-2024-55634", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-55634 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:04f613ac-2f34-5e39-9463-6a135b7f2c7f", "id": "CVE-2024-55636", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-55636 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:d7023c74-369b-5493-bc5b-72a8ba53bd4f", "id": "CVE-2024-55637", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-55637 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:ccf7995d-9226-551a-85f9-d2e77b876eac", "id": "CVE-2024-55638", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-55638 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:0d196bad-1b6f-50ee-8cbb-18e96bcb2ce0", "id": "CVE-2025-13080", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13080 affects version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:1e8982b2-40f7-52a7-810e-373253f0e9b1", "id": "CVE-2025-13081", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13081 affects version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:0c33270e-a990-591d-9e37-05d1ce3d992c", "id": "CVE-2025-13082", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13082 affects version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:84fd0ac8-dfac-571d-825e-1cb6d3b7e0ae", "id": "CVE-2025-13083", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13083 affects version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:94e882d8-457f-5367-925a-a98d4ea609a6", "id": "CVE-2025-3057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-3057 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:8d3ece9a-0ef2-5723-a261-efff5191fd19", "id": "CVE-2025-31673", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31673 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:1f0dd658-faa4-5d62-aa6e-cf9ee65bf3f9", "id": "CVE-2025-31674", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31674 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:f945215d-a553-591f-8420-936d726a7eb1", "id": "CVE-2025-31675", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31675 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:c8f860cf-486b-5065-8125-2dff5a422c63", "id": "CVE-2026-6365", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-6365 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:f26961c0-48e3-56df-95a7-23d631332b03", "id": "CVE-2026-6366", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-6366 affects version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:499df03f-b793-5061-bc47-a756914d8726", "id": "CVE-2026-9082", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-9082 is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:8a6a4fa7-e96f-5f15-83b2-dbc3802fd9af", "id": "GHSA-6CCV-8FGF-CJPW", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-6CCV-8FGF-CJPW is fixed in version 9.5.11-p3+tuxcare of drupal/core." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:28d0590c-7da7-5915-b786-34b6877ad7b0", "id": "GHSA-6ccv-8fgf-cjpw", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-6ccv-8fgf-cjpw does not affect version 9.5.11-p3+tuxcare of drupal/core. already_fixed \u2014 Target repository already contains the security fix for GHSA-6ccv-8fgf-cjpw. TuxCare backported the upstream patch in commit 2de76611 (PHPELSCVE-331), adding the missing NotFoundHttpException catch block to PathBasedBreadcrumbBuilder::getRequestForPath() that prevents denial-of-service attacks via crafted comment reply URLs." }, "affects": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:composer/drupal/core@9.5.11-p3+tuxcare" } ] }