{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:cac2334e-f367-547a-a4a0-d7329cfc67f5",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:composer/zf-commons/zfc-user@1.0.0",
      "type": "library",
      "group": "zf-commons",
      "name": "zfc-user",
      "version": "1.0.0",
      "purl": "pkg:composer/zf-commons/zfc-user@1.0.0"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:bb771953-e6e7-51d7-a2e3-7da18ce3367c",
      "id": "CVE-2015-1039",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2015-1039 does not affect version 1.0.0 of zf-commons/zfc-user. Fix already present in tuxcare-current/1.0.0 fork. Patched file: https://gitlab.tuxcare.com/els-php/zf-commons-zfc-user/-/blob/tuxcare-current/1.0.0-130-g245c20b/view/zfc-user/user/login.phtml?ref_type=heads#L32 ; upstream commit reference: https://github.com/ZF-Commons/ZfcUser/commit/baf0e460#diff-f37d92a802a3a2f64091f0660b6d0611040703ba48485538342c35b2f484fb1eR31"
      },
      "affects": [
        {
          "ref": "pkg:composer/zf-commons/zfc-user@1.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:45a75b25-9779-533c-bef4-2de3f39b9164",
      "id": "CVE-2015-3154",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2015-3154 affects version 1.0.0 of zf-commons/zfc-user."
      },
      "affects": [
        {
          "ref": "pkg:composer/zf-commons/zfc-user@1.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:66cd91ac-19c0-5b8f-a41c-8df0ff5988c8",
      "id": "GHSA-96c6-m98x-hxjx",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-96c6-m98x-hxjx affects version 1.0.0 of zf-commons/zfc-user."
      },
      "affects": [
        {
          "ref": "pkg:composer/zf-commons/zfc-user@1.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5c15791f-0f23-5e8a-81ec-5d7ddfe6c810",
      "id": "GHSA-cg8w-5jrc-675g",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-cg8w-5jrc-675g affects version 1.0.0 of zf-commons/zfc-user."
      },
      "affects": [
        {
          "ref": "pkg:composer/zf-commons/zfc-user@1.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ece4955a-5325-5f5e-98cf-ca414b383dbc",
      "id": "GHSA-f6p5-76fp-m248",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-f6p5-76fp-m248 affects version 1.0.0 of zf-commons/zfc-user."
      },
      "affects": [
        {
          "ref": "pkg:composer/zf-commons/zfc-user@1.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:151f338d-2b34-5abe-bf8e-4c0f3c345c70",
      "id": "GHSA-gvpp-6jrj-5pqc",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-gvpp-6jrj-5pqc affects version 1.0.0 of zf-commons/zfc-user."
      },
      "affects": [
        {
          "ref": "pkg:composer/zf-commons/zfc-user@1.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:74895f03-f751-5390-b5be-376c461a07e8",
      "id": "GHSA-m7hr-j867-3f34",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-m7hr-j867-3f34 affects version 1.0.0 of zf-commons/zfc-user."
      },
      "affects": [
        {
          "ref": "pkg:composer/zf-commons/zfc-user@1.0.0"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:composer/zf-commons/zfc-user@1.0.0"
    }
  ]
}