{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f86a45b7-4f61-5253-b41b-084ab11b525b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/merge@1.2.1-tuxcare.1", "type": "library", "name": "merge", "version": "1.2.1-tuxcare.1", "purl": "pkg:npm/merge@1.2.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:56218699-481a-59cb-9462-9b3cefdbe2ea", "id": "CVE-2019-15598", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2019-15598 is fixed in version 1.2.1-tuxcare.1 of merge." }, "affects": [ { "ref": "pkg:npm/merge@1.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4ff19df-333e-54db-a899-0cf36abb482e", "id": "CVE-2019-15599", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2019-15599 is fixed in version 1.2.1-tuxcare.1 of merge." }, "affects": [ { "ref": "pkg:npm/merge@1.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f5d37b7-5165-5994-9890-64b4d3c27326", "id": "CVE-2020-28499", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-28499 affects version 1.2.1-tuxcare.1 of merge." }, "affects": [ { "ref": "pkg:npm/merge@1.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63fd4bc0-f61f-503d-9dd8-df95da3c5268", "id": "CVE-2020-7598", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-7598 is fixed in version 1.2.1-tuxcare.1 of merge." }, "affects": [ { "ref": "pkg:npm/merge@1.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9904920-485b-504c-ad43-593454aedf0c", "id": "GHSA-j4mr-9xw3-c9jx", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-j4mr-9xw3-c9jx is fixed in version 1.2.1-tuxcare.1 of merge." }, "affects": [ { "ref": "pkg:npm/merge@1.2.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/merge@1.2.1-tuxcare.1" } ] }