{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:29ca2a75-d11b-5bfe-b3a2-9df983518176", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:656d9d0c-91ba-5684-a3f2-1d252d8e0353", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:776bb5fd-1cec-5356-9896-6ff0cd867597", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08da38c9-8bcc-52be-914e-d9f0ac1ef252", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60a5abea-854d-58fb-9fe5-89000413a5ae", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8a3087b-8881-59fb-8388-c5e3e13b54d8", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6831ea0b-c35a-53cf-bfbf-ed3535d8b6ca", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03d97bea-ac96-5ec5-8318-f0ae7575d8a6", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca5853ab-2930-5a04-af43-feef62342cef", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7148af87-4f37-56f8-ba2a-08718f4a5203", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26f21fb6-92ed-50d2-ae93-e6a13674916d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0435dd64-4413-57e4-b6e9-80992cfd2d1a", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1aeeccc5-bbed-5630-bb40-add28215b864", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cde1b6f0-2526-5867-8699-b08c06eb4973", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:910b0a30-561d-59e4-b310-38347e846375", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6db4c03-bb32-513d-ba74-e27e6abb5c0f", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24926d5a-0645-5bea-b256-33d971c0cc0a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fd878f2-1477-5713-8b42-463adfa3c9a0", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44979a4a-4c3f-5308-af6c-3db3a6927569", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cd85c4c-438f-5e42-85d7-02db16bf986c", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-framework-bom 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a61ebea0-bc09-573f-bfed-a4f07ba0c4ee", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7dd6853-7ad5-5391-ba7f-62dbd68ff558", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e8d93c1-ec2c-53ea-9efa-fa11a5c9dea0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b7b44b9-a095-50fe-8291-08b404484c80", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:788ca7be-a4d9-5df2-80e7-23ab22fba78f", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-framework-bom 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff3cb2c5-9325-5b84-b091-0059d33fb7fe", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.1" } ] }