{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0f3cf43d-c5e4-57c0-b81d-787897b05c3b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare", "type": "library", "group": "laravel", "name": "framework", "version": "5.8.38-p3+tuxcare", "purl": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3814a663-da8f-5798-a1b8-2636ee0e33f0", "id": "AIKIDO-2026-10659", "analysis": { "state": "resolved", "detail": "Vulnerability AIKIDO-2026-10659 is fixed in version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:46870f5f-ea1b-5470-bf36-90a16de92621", "id": "CVE-2019-9081", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-9081 affects version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:5d87a47c-a734-54b1-93ad-b653fb5d7bef", "id": "CVE-2020-24941", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-24941 is fixed in version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:e3331f78-93eb-5e7b-bf2c-6c2db2770fa6", "id": "CVE-2021-43808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43808 is fixed in version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:2605b373-426b-5cc6-a308-a2dc6ce20ac0", "id": "CVE-2024-51736", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-51736 affects version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:33cabb4c-50a0-59ba-b481-e44e1f6d1a56", "id": "CVE-2024-52301", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52301 affects version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:6a3f7f4d-e6eb-5f3b-a4f6-4bcd08411c72", "id": "CVE-2025-27515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27515 affects version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:82de893c-89b0-50fa-8260-a00afdc9a1aa", "id": "CVE-2026-24739", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24739 affects version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:80379fa1-6e8f-5238-b7e6-62d26ac94df6", "id": "GHSA-4mg9-vhxq-vm7j", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-4mg9-vhxq-vm7j is fixed in version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:9e56d6fd-3b05-5782-a934-9fa079e8ccb1", "id": "GHSA-5vg9-5847-vvmq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-5vg9-5847-vvmq affects version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:39358311-31f5-530a-ae1f-37ab552a9f44", "id": "GHSA-crmm-hgp2-wgrp", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-crmm-hgp2-wgrp does not affect version 5.8.38-p3+tuxcare of laravel/framework. not_affected \u2014 Laravel 5.8.38-p4+tuxcare is not affected by GHSA-crmm-hgp2-wgrp. The vulnerability affects LocalFilesystemAdapter's temporary signed URL functionality, which does not exist in Laravel 5.8. This feature was introduced in Laravel 11+. The target version only supports temporary URLs for cloud storage (S3/Rackspace), which use different mechanisms that are not vulnerable to this path encoding issue." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:b80e3dff-664d-54b7-aec3-1ab943bf03e4", "id": "GHSA-qm5c-m76r-2hfr", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-qm5c-m76r-2hfr is fixed in version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }, { "bom-ref": "urn:uuid:98480700-8f44-561d-aee7-abbdff783d5a", "id": "GHSA-x7p5-p2c9-phvg", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-x7p5-p2c9-phvg is fixed in version 5.8.38-p3+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p3+tuxcare" } ] }