{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:50ac23d0-b462-5d0e-83d8-58afa214bf2b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b94afabf-9afa-5c39-bc4e-9f05667f008c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aca136cb-89af-579f-a5f0-ef59fc6103e1", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f261a73-4ecf-546c-97a0-b4d4a2f667b8", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7de1807-9037-592e-b9a4-2890dd4ddb12", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5854d4d0-c3a8-5695-b6e6-dce1fd425b25", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08f6ff2a-9321-553c-ace0-752dc2134908", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92059443-fec4-5195-9fcd-3657654a134a", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a0b748d-8504-51a5-ae44-b37a11297681", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:242a3868-74cd-5ba1-896d-0d555f1adba3", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a13931d-8f68-5120-8132-02460b677dff", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06541a31-ccca-55ec-bdfd-e78e3ca13745", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74b9c923-cc29-57ad-860a-98ab69a5826e", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:861fdffc-d2f2-5098-876f-630b3cdf8e12", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0695cce-ae01-51b8-b539-e60b3bc6c380", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f1d3361f-baa7-58b5-8b40-434f82f31829", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97122b3c-338b-53f0-ac8a-3fb6a3949474", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dbc00b90-db99-5625-bc0e-1e684a8d899f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a1e3a67-c5bb-5500-9db1-5530730a2a79", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4436e33d-10d9-5a0a-ab15-400d3d7164b1", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-beans 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7346a2a0-a0a5-5201-a0c3-2f463eb9da68", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1dbd926d-cc06-5fcb-b128-ef47f1a4d283", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23ac2ff4-b8f6-5a24-bbd8-26c7acb9d6a7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c316354b-0028-5af7-b276-ef622c95fda9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17ba5a00-5972-5866-8ca6-22a51d841c06", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-beans 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e329478f-4c30-575b-b903-419ec0cf0097", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.0.RELEASE-tuxcare.3" } ] }