github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-9/vex.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "vulnerabilities": [ 6 { 7 "id": "CVE-2020-11896", 8 "analysis": { 9 "state": "not_affected", 10 "justification": "code_not_reachable", 11 "response": ["will_not_fix", "update"], 12 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 13 }, 14 "affects": [ 15 { 16 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 17 }, 18 { 19 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 20 }, 21 { 22 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 23 } 24 ] 25 }, 26 { 27 "id": "CVE-2020-11897", 28 "analysis": { 29 "state": "not_affected", 30 "justification": "code_not_reachable", 31 "response": ["will_not_fix", "update"], 32 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 33 }, 34 "affects": [ 35 { 36 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 37 }, 38 { 39 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 40 }, 41 { 42 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 43 } 44 ] 45 }, 46 { 47 "id": "CVE-2020-11898", 48 "analysis": { 49 "state": "not_affected", 50 "justification": "code_not_reachable", 51 "response": ["will_not_fix", "update"], 52 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 53 }, 54 "affects": [ 55 { 56 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 57 }, 58 { 59 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 60 }, 61 { 62 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 63 } 64 ] 65 }, 66 { 67 "id": "CVE-2020-11899", 68 "analysis": { 69 "state": "not_affected", 70 "justification": "code_not_reachable", 71 "response": ["will_not_fix", "update"], 72 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 73 }, 74 "affects": [ 75 { 76 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 77 }, 78 { 79 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 80 }, 81 { 82 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 83 } 84 ] 85 }, 86 { 87 "id": "CVE-2020-11900", 88 "analysis": { 89 "state": "not_affected", 90 "justification": "code_not_reachable", 91 "response": ["will_not_fix", "update"], 92 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 93 }, 94 "affects": [ 95 { 96 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 97 }, 98 { 99 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 100 }, 101 { 102 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 103 } 104 ] 105 }, 106 { 107 "id": "CVE-2020-11901", 108 "analysis": { 109 "state": "not_affected", 110 "justification": "code_not_reachable", 111 "response": ["will_not_fix", "update"], 112 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 113 }, 114 "affects": [ 115 { 116 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 117 }, 118 { 119 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 120 }, 121 { 122 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 123 } 124 ] 125 }, 126 { 127 "id": "CVE-2020-11902", 128 "analysis": { 129 "state": "not_affected", 130 "justification": "code_not_reachable", 131 "response": ["will_not_fix", "update"], 132 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 133 }, 134 "affects": [ 135 { 136 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 137 }, 138 { 139 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 140 }, 141 { 142 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 143 } 144 ] 145 }, 146 { 147 "id": "CVE-2020-11903", 148 "analysis": { 149 "state": "not_affected", 150 "justification": "code_not_reachable", 151 "response": ["will_not_fix", "update"], 152 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 153 }, 154 "affects": [ 155 { 156 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 157 }, 158 { 159 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 160 }, 161 { 162 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 163 } 164 ] 165 }, 166 { 167 "id": "CVE-2020-11904", 168 "analysis": { 169 "state": "not_affected", 170 "justification": "code_not_reachable", 171 "response": ["will_not_fix", "update"], 172 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 173 }, 174 "affects": [ 175 { 176 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 177 }, 178 { 179 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 180 }, 181 { 182 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 183 } 184 ] 185 }, 186 { 187 "id": "CVE-2020-11905", 188 "analysis": { 189 "state": "not_affected", 190 "justification": "code_not_reachable", 191 "response": ["will_not_fix", "update"], 192 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 193 }, 194 "affects": [ 195 { 196 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 197 }, 198 { 199 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 200 }, 201 { 202 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 203 } 204 ] 205 }, 206 { 207 "id": "CVE-2020-11906", 208 "analysis": { 209 "state": "not_affected", 210 "justification": "code_not_reachable", 211 "response": ["will_not_fix", "update"], 212 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 213 }, 214 "affects": [ 215 { 216 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 217 }, 218 { 219 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 220 }, 221 { 222 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 223 } 224 ] 225 }, 226 { 227 "id": "CVE-2020-11907", 228 "analysis": { 229 "state": "not_affected", 230 "justification": "code_not_reachable", 231 "response": ["will_not_fix", "update"], 232 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 233 }, 234 "affects": [ 235 { 236 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 237 }, 238 { 239 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 240 }, 241 { 242 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 243 } 244 ] 245 }, 246 { 247 "id": "CVE-2020-11908", 248 "analysis": { 249 "state": "not_affected", 250 "justification": "code_not_reachable", 251 "response": ["will_not_fix", "update"], 252 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 253 }, 254 "affects": [ 255 { 256 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 257 }, 258 { 259 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 260 }, 261 { 262 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 263 } 264 ] 265 }, 266 { 267 "id": "CVE-2020-11909", 268 "analysis": { 269 "state": "not_affected", 270 "justification": "code_not_reachable", 271 "response": ["will_not_fix", "update"], 272 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 273 }, 274 "affects": [ 275 { 276 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 277 }, 278 { 279 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 280 }, 281 { 282 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 283 } 284 ] 285 }, 286 { 287 "id": "CVE-2020-11910", 288 "analysis": { 289 "state": "not_affected", 290 "justification": "code_not_reachable", 291 "response": ["will_not_fix", "update"], 292 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 293 }, 294 "affects": [ 295 { 296 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 297 }, 298 { 299 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 300 }, 301 { 302 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 303 } 304 ] 305 }, 306 { 307 "id": "CVE-2020-11911", 308 "analysis": { 309 "state": "not_affected", 310 "justification": "code_not_reachable", 311 "response": ["will_not_fix", "update"], 312 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 313 }, 314 "affects": [ 315 { 316 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 317 }, 318 { 319 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 320 }, 321 { 322 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 323 } 324 ] 325 }, 326 { 327 "id": "CVE-2020-11912", 328 "analysis": { 329 "state": "not_affected", 330 "justification": "code_not_reachable", 331 "response": ["will_not_fix", "update"], 332 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 333 }, 334 "affects": [ 335 { 336 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 337 }, 338 { 339 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 340 }, 341 { 342 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 343 } 344 ] 345 }, 346 { 347 "id": "CVE-2020-11913", 348 "analysis": { 349 "state": "not_affected", 350 "justification": "code_not_reachable", 351 "response": ["will_not_fix", "update"], 352 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 353 }, 354 "affects": [ 355 { 356 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 357 }, 358 { 359 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 360 }, 361 { 362 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 363 } 364 ] 365 }, 366 { 367 "id": "CVE-2020-11914", 368 "analysis": { 369 "state": "not_affected", 370 "justification": "code_not_reachable", 371 "response": ["will_not_fix", "update"], 372 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 373 }, 374 "affects": [ 375 { 376 "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1" 377 }, 378 { 379 "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2" 380 }, 381 { 382 "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3" 383 } 384 ] 385 } 386 ] 387 }