{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8b5d91fb-df11-5c65-973e-48f70231f8de", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare", "type": "library", "group": "laravel", "name": "framework", "version": "5.8.38-p4+tuxcare", "purl": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8c6706e5-9613-5a91-b81e-1908494b957b", "id": "AIKIDO-2026-10659", "analysis": { "state": "resolved", "detail": "Vulnerability AIKIDO-2026-10659 is fixed in version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:df95f1b8-735d-51e3-b68f-9647f8d72b50", "id": "CVE-2019-9081", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-9081 affects version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:c4efe285-d0fb-5fc8-ab9a-cab51f3a9dfb", "id": "CVE-2020-24941", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-24941 is fixed in version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:2b0ebd31-6609-5901-a26c-de74539fec3e", "id": "CVE-2021-43808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43808 is fixed in version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:06de94e1-edd6-59fe-b6c7-970947eea09a", "id": "CVE-2024-51736", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-51736 affects version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:324213c6-baf4-55e7-846f-7acdaab06f71", "id": "CVE-2024-52301", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52301 is fixed in version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:2de46681-b021-5169-88c1-40a1ec7bf084", "id": "CVE-2025-27515", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-27515 is fixed in version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:09ba759b-96fb-5187-9031-a74038f7bad9", "id": "CVE-2026-24739", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24739 affects version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:479bf41c-1528-50ce-a076-922523b86326", "id": "GHSA-4mg9-vhxq-vm7j", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-4mg9-vhxq-vm7j is fixed in version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:58102e50-a84a-564d-9dfd-fb608ec01b5e", "id": "GHSA-5vg9-5847-vvmq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-5vg9-5847-vvmq affects version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:6fea781c-a6d9-52f0-be70-113cc477e88e", "id": "GHSA-crmm-hgp2-wgrp", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-crmm-hgp2-wgrp does not affect version 5.8.38-p4+tuxcare of laravel/framework. not_affected \u2014 Laravel 5.8.38-p4+tuxcare is not affected by GHSA-crmm-hgp2-wgrp. The vulnerability affects LocalFilesystemAdapter's temporary signed URL functionality, which does not exist in Laravel 5.8. This feature was introduced in Laravel 11+. The target version only supports temporary URLs for cloud storage (S3/Rackspace), which use different mechanisms that are not vulnerable to this path encoding issue." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:99439500-dad8-501a-b17a-c87f4d0d8346", "id": "GHSA-qm5c-m76r-2hfr", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-qm5c-m76r-2hfr is fixed in version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }, { "bom-ref": "urn:uuid:338875ff-ae61-59eb-8da5-451d453b758c", "id": "GHSA-x7p5-p2c9-phvg", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-x7p5-p2c9-phvg is fixed in version 5.8.38-p4+tuxcare of laravel/framework." }, "affects": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:composer/laravel/framework@5.8.38-p4+tuxcare" } ] }