{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:38dc0864-1b10-5781-b2a4-d4c1d6849078",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:composer/symfony/http-kernel@v4.4.51",
      "type": "library",
      "group": "symfony",
      "name": "http-kernel",
      "version": "v4.4.51",
      "purl": "pkg:composer/symfony/http-kernel@v4.4.51"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:b49984df-efe9-5757-9d78-a56cc921da8f",
      "id": "CVE-2024-50345",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2024-50345 does not affect version v4.4.51 of symfony/http-kernel. not_affected \u2014 CVE-2024-50345 affects symfony/http-foundation's redirect URL validation. This repository is symfony/http-kernel, which depends on http-foundation but does not contain redirect URL creation or validation logic. The vulnerability pattern (inadequate validation of browser-sanitized URLs in redirects) does not exist in http-kernel's own codebase."
      },
      "affects": [
        {
          "ref": "pkg:composer/symfony/http-kernel@v4.4.51"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:476ca200-61f1-5528-aca4-cd63eb16c251",
      "id": "CVE-2025-64500",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2025-64500 does not affect version v4.4.51 of symfony/http-kernel. not_affected \u2014 The symfony/http-kernel repository does not contain the vulnerable code. CVE-2025-64500 affects the Request class in symfony/http-foundation, which http-kernel uses as a dependency. The vulnerable PATH_INFO interpretation logic that can produce paths without leading '/' exists only in http-foundation's Request class implementation, not in http-kernel's codebase."
      },
      "affects": [
        {
          "ref": "pkg:composer/symfony/http-kernel@v4.4.51"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:composer/symfony/http-kernel@v4.4.51"
    }
  ]
}