{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:997c477e-d99b-5101-850c-08c3de337932", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "4.0.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:db24cbf6-3292-553c-aab6-13507a5aed6d", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41570f60-2645-5644-829f-8b4c245b8bb0", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc85aa55-8fec-5d47-9610-bb5eb31cab25", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd80e18c-1e9a-5221-a985-33ecc0144467", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbfcf953-c85a-5df5-8066-157765eea705", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f4f310b-c606-53c8-9fa3-c65e0974a356", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e216129-4f57-5b65-af37-af89a36edc6a", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b4ba690-f4ae-5e9e-8fc5-5303a843f203", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a401d97b-43d1-518f-aa48-ecf00cec20bf", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2295b39-d4b5-5631-b79d-fe5fea1f7fb4", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cb35537-2f1e-59dc-8990-c86c89ae78a7", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9aebbeb6-0a64-5524-bbda-06bb25e6d472", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11eb06c0-6a5f-5111-8939-11b83f761d0d", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-framework-bom 4.0.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:498c4e2b-e1b5-556a-a70a-0da3dc412351", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4069767f-ea57-5429-a79d-359c96906e94", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4bcd1f7-d0e2-5f74-b43b-ab35f4d45036", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:350813ca-9f92-55a2-8a1e-624e5b5290c5", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6efa17a8-d4c4-5d99-8874-9b3d8df4db98", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf87748a-27ac-55c6-88cc-16b2b1cb08d6", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3afd3ec-6948-5b98-bbfd-87c374b210e6", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8f3f069-bca6-523c-ad44-0bac087bde55", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c54f46b-a651-5015-9165-8d278b7ac4bd", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14ca653c-db3f-5821-9cfa-e58f7e05ef0e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81acc88b-fcc5-520e-a0b7-abd1380e912a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb7e10f9-9a40-5951-8e91-b5f8c2e04e64", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05696744-a243-52f3-8b1b-8d4618bf1072", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9841a0b-3a92-5f7f-b914-c9bed756fb47", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08754cf0-3258-5053-bbfe-c206c842d75d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe0322c7-eae0-5cc0-ab00-9e9fd010b897", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b789f9f-2d53-51fe-804a-7ee48590cbd9", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e21f5c0a-d0fd-5cdb-92dd-2e3fd97e3c98", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2f3f3d1-d8d9-52c4-96e0-0fb7b19cac82", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b06496bf-08d9-5811-add5-1a86f694822e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:612b8b1f-aca5-5e9e-8acd-bfae9ecfc984", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95dd5687-39e6-515e-a317-495a22c18fe7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab4269cd-bf0a-590a-993a-81aaa95e1eda", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca5b4fb6-7cbd-5409-b1d3-e6770576bd58", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e609a26d-3a31-56b8-aa35-39694ba36c0b", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a444079a-3715-5b3c-a957-b71affd83171", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfecb685-aa6b-521f-bb42-e1bbae163ef8", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.1" } ] }