{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:357567aa-475f-59c4-8f20-46a01815716c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cfd75696-a4f3-5cb4-b47b-0ac5bc9677aa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b49dfd00-5f9d-5b8f-9919-54b543874528", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2405eea-cca7-5e57-9dc7-4abf97c4c7cc", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c07d3eb-badd-5be3-aa63-fc3aec2b1451", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a3b2f07-a079-52a7-9d2d-4d9993b84506", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2e6c93c-cd60-537e-a100-1fb06c86a78e", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8039726-9314-5ce4-a463-a500edd57b00", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a668a19-6b52-525f-994a-68309384df91", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b2d7a29-9ce9-5542-8bda-354ce4b18a5f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0242faaa-b5eb-556b-bf8d-e2203a79f57e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:470a5beb-2fa0-59ca-ac58-2db0fccc4681", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e658c3b1-969a-5425-9b40-5bf93e103c28", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:913612df-0601-5d0d-af41-f2e2d7994b8f", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:693a7dbd-a446-5f63-8843-7bb9988704f7", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b451861-055a-5cd5-8acd-27bd4126aae2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c71895f-5882-5cd5-af0f-b00d153ab094", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:810ac14d-7ae4-5cbc-a283-edf887404f72", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39cebd78-8565-519c-8c65-bfdc4af3479a", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfe5fe57-3739-5588-bb4e-75a43bc1a1ee", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-beans 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31a3d5cb-0a7a-5907-a805-9a81c0db398c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:219f396b-efea-51ac-b2cd-b26d6430113e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:408f4bb7-8c47-572d-b961-a0a968ebde6f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91e95a2d-30b0-5ea6-a6cf-4ace79f7b798", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f654647-a551-5046-9e1d-7b7bfc761c50", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-beans 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18766793-af1e-52e8-bfbf-18109a06e588", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.2" } ] }