{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8cc5e876-68f6-5ef5-a852-5bd16089006b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "4.0.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0acb4bd4-5587-5626-9d59-7181744f1483", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b545a145-c02f-5e19-8050-d0e8e15a001f", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e50553ef-1538-5418-bc82-075ab0072f87", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91678682-8f3c-53f1-b00a-f66fcea23781", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5db3df24-d446-57e3-b529-8c07911bf415", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79ea56b1-fd0e-57e6-a8c3-d8d58f86fc48", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79e6bd9c-3208-56bc-8055-33ae5b710781", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46b870f3-b339-5791-bda7-b26c009ce6f0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f012a22a-0be4-513c-9b28-5528feca53b7", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1de737d0-66be-5497-952a-c7f2dac9cc05", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:353419ff-bf3c-5e9a-b78f-fb231fa29886", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d565cd6-4ab9-575a-8d03-a42279d6fb76", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a522871e-2540-508a-bf50-bc875f30e94d", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-framework-bom 4.0.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b52fc053-3fa9-5c79-8c25-6f84f5713183", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3df49dd-10f8-5250-9dbb-b2acb2ef0c9c", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8482e92e-d923-53ac-b415-25ecfa57f067", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b40074f-4751-5169-bda7-a5cb06908027", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18545ed0-e824-5062-9451-722d5ea07d66", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79b4cdc5-703c-57fd-8c09-4e6981b09a2f", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e423ddcd-8991-51e3-b625-7ebddb5a587d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5011a671-aae4-5c4d-9be0-b38636792647", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ffcb451-be48-559f-b160-bf15b3386456", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:772f00ce-0cc0-52e8-b53d-3249078280a1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f429f351-4ae4-5adc-ab15-b035fdd8c5cd", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be762dcf-c0d5-58e2-8755-7d7b1522df8b", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7eb5d46-4e3c-5568-886b-142a5c758d66", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acea9759-60c0-52c5-a597-ccea6fa49caf", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c16b35d-af00-509e-929f-271f690ffba9", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:449257b3-f62c-5b95-adba-157e77f23218", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04107c3b-5f4f-5c47-b55b-4acfd20aa9c2", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b12a44f-d367-541f-a69f-cd49040d830c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a083e5da-87e4-5667-a4af-66c6c0633de4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ddab4a99-d339-55b3-9eb6-de16abe33404", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aeed8e9d-4189-5590-bb91-6e699efc51e4", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfdf79f9-457b-5233-9052-246e33480fb5", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c561d93-b63a-574f-bb39-170f15c5f996", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e85dc55-95a9-53b3-9fb6-061df1dd796c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:881a2a33-1fee-595c-9444-07931c1048a6", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d047f5c-6ee5-5537-8afe-cbd5f88d345e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97ea7414-fefd-542d-9dd5-073a61469609", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.2" } ] }