{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:cc10e542-a225-5dd3-9f70-005094e41a01",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:composer/guzzlehttp/psr7@1.4.2",
      "type": "library",
      "group": "guzzlehttp",
      "name": "psr7",
      "version": "1.4.2",
      "purl": "pkg:composer/guzzlehttp/psr7@1.4.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:314edc37-e6de-5036-b165-066a3a9194f5",
      "id": "CVE-2022-24775",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-24775 affects version 1.4.2 of guzzlehttp/psr7."
      },
      "affects": [
        {
          "ref": "pkg:composer/guzzlehttp/psr7@1.4.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0aa14774-6cdb-596c-bacc-55bb8784e47b",
      "id": "CVE-2023-29197",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2023-29197 does not affect version 1.4.2 of guzzlehttp/psr7. The vulnerable code (a header validation regex without the /D modifier) was introduced in commit 092dbc2 on 2020-01-09, about 3 years after this version, and first appeared in version 2.0.0. Version 1.4.2 predates the assertHeader() and assertValue() validation methods entirely, so the vulnerable code pattern was never present in it. This assessment covers CVE-2023-29197 only; CVE-2022-24775 is listed separately in this document as exploitable for the same version."
      },
      "affects": [
        {
          "ref": "pkg:composer/guzzlehttp/psr7@1.4.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5620c88d-0093-5749-ab73-7581ce75885a",
      "id": "CVE-2026-48998",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-48998 affects version 1.4.2 of guzzlehttp/psr7."
      },
      "affects": [
        {
          "ref": "pkg:composer/guzzlehttp/psr7@1.4.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:796415a5-4c6f-5c6e-b55c-6895af9f088f",
      "id": "CVE-2026-49214",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-49214 affects version 1.4.2 of guzzlehttp/psr7."
      },
      "affects": [
        {
          "ref": "pkg:composer/guzzlehttp/psr7@1.4.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c01205f1-a0ea-5811-b900-d7ef9fa2bf8d",
      "id": "CVE-2026-55766",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-55766 affects version 1.4.2 of guzzlehttp/psr7."
      },
      "affects": [
        {
          "ref": "pkg:composer/guzzlehttp/psr7@1.4.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:composer/guzzlehttp/psr7@1.4.2"
    }
  ]
}