{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d18aa36e-8e17-5fd0-b91a-41ecae9a52b5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-layout-template-json", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:14f1eb69-f7bb-5e9b-ad77-d89717b877bf", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37bcc926-78fa-5f58-b53a-7cf87816b0af", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ee9ed14-b2df-5d93-b0d4-2f9df0bd3d5f", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c069b854-b839-5f81-963a-662b7214f6d2", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fff357f6-8692-5fb8-8a28-764bfb8c893c", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00873ded-286d-5f9e-a675-8d3435768db4", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd9f873d-810a-583d-bd4c-9dfc75398fd7", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76970c4a-9788-57c6-8645-4ab368550e48", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eebc8f07-bcce-5982-9b8d-d35488570132", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69d7c421-5060-55b6-80d6-c3e7a52905bf", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cce0752c-96d7-5956-b486-bbd110293944", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3d8637e-9043-54e1-ad19-a6f4024fa514", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3e5e280-2f09-5e34-9bc1-9a1230150020", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-layout-template-json." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.22.1-tuxcare.1" } ] }