{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3338aa14-1f32-5b15-b73c-fadcf567327f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare", "type": "library", "group": "laravel", "name": "framework", "version": "5.8.38-p2+tuxcare", "purl": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1f03b17e-af28-552b-a984-16939b1f4b05", "id": "AIKIDO-2026-10659", "analysis": { "state": "resolved", "detail": "Vulnerability AIKIDO-2026-10659 is fixed in version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:b084d4dd-c298-55d9-9008-da6c8cb255c8", "id": "CVE-2019-9081", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-9081 affects version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:bcfb6931-fa8f-5470-bb07-b7f2ccfe2148", "id": "CVE-2020-24941", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-24941 is fixed in version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:2e270ebc-b30a-5640-8554-025110520a04", "id": "CVE-2021-43808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43808 is fixed in version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:cacc37ff-6456-5e75-8709-13ab9d1e0d62", "id": "CVE-2024-51736", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-51736 affects version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:de55bad4-7bbe-57f1-9203-23b715161407", "id": "CVE-2024-52301", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52301 affects version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:a56394ed-aadb-5eb7-a9dc-09adff982f94", "id": "CVE-2025-27515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27515 affects version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:67a26884-ef00-5e7b-8b30-bf2682851361", "id": "CVE-2026-24739", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24739 affects version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:8a818f21-1246-5701-b76d-767ab0c12774", "id": "GHSA-4mg9-vhxq-vm7j", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-4mg9-vhxq-vm7j is fixed in version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:62ef5e0a-de8a-54bb-9567-0fad92d8847f", "id": "GHSA-5vg9-5847-vvmq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-5vg9-5847-vvmq affects version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:d7f319ba-07c8-5383-999e-b1bfaa38dcef", "id": "GHSA-crmm-hgp2-wgrp", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-crmm-hgp2-wgrp does not affect version 5.8.38-p2+tuxcare of laravel/framework. not_affected \u2014 Laravel 5.8.38-p4+tuxcare is not affected by GHSA-crmm-hgp2-wgrp. The vulnerability affects LocalFilesystemAdapter's temporary signed URL functionality, which does not exist in Laravel 5.8. This feature was introduced in Laravel 11+. The target version only supports temporary URLs for cloud storage (S3/Rackspace), which use different mechanisms that are not vulnerable to this path encoding issue." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:756f6fd5-6970-5fe9-9e26-e2b535b4102c", "id": "GHSA-qm5c-m76r-2hfr", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-qm5c-m76r-2hfr is fixed in version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }, { "bom-ref": "urn:uuid:c7e8aa0c-d841-5c06-a8cc-4df0f2134111", "id": "GHSA-x7p5-p2c9-phvg", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-x7p5-p2c9-phvg is fixed in version 5.8.38-p2+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p2+tuxcare" } ] }