{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:56a072d5-77d0-5f82-8857-be32ae980f7a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.39.tuxcare.3", "purl": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:50154ca0-7a3b-5820-9e99-16bfb804cb06", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5063a2ae-5b7a-56ec-b7fa-cebec321db51", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8cd90bc-ea62-57d9-80ed-abf9655a4bf3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:225b07e7-8506-5124-b1c3-86feee6d7b58", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6644f3e6-8b38-5506-972b-7d07af785bbe", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec67713d-4590-5449-b04a-77511b75f74d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81ccb8ad-3a6e-57c9-a021-13b47d8c0bbf", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.39.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2c402c2-23c8-5165-aef2-2f06a3e29460", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30ac0a4d-1d7e-5d83-88a6-45af23e782b0", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47cadc72-efd6-5a11-9b75-87a31159e75e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1029f50-c846-50a1-87f4-dfb78b09cd06", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abd6c6e8-bfb8-53bc-aa22-44b7ab9d4460", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.39.tuxcare.3" } ] }