{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ab6ceaa9-ec1d-575f-9ded-7041d4715eda", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ea42c0c8-7f9b-5cab-9461-797c818482b5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cbaca204-13e2-565f-977f-00e8c8cc5d3f", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32771bf0-e7f1-5364-a066-ee1f5840626c", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c341011-6732-51f9-910d-7a608874769f", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:136f835d-dbe8-53c4-92f0-b99cab167f3c", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98080387-7348-569f-bb45-038cac0f056a", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffa47cd8-eace-57d4-a276-af3bf416c93e", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3c4b9d8-a12a-525d-ba83-678c27a8e74b", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5b42361-0a93-59f6-bbe3-5debeb8d8178", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a870d7e-acc3-5896-a97e-03c1f70f78b4", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31af13ce-6d29-55fb-8783-2e55a5306b8b", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1ad846c-1ec7-5baa-9b7c-043f9f710c37", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fab6e6ed-4358-5917-a8ab-7a822dd26f85", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af1e8102-8d74-54b3-b0ab-8a640c00c595", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:faea78b9-4ee0-54d9-8b68-1eaebc880794", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:855a96f2-4b89-5d41-b453-b462faeaac9d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:507f58d3-8341-5884-916d-3086dcc63cc1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7652a63d-e4a2-596e-9308-4cf9a67092fd", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0782d354-9421-5d9e-bfbb-b0e637e37f2e", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-framework-bom 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d00c92cf-1146-5615-badd-90c1085ddfa2", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:281a9d8a-1668-503a-b0ce-a502241a6350", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba5d85c2-86d8-553e-931b-7b782a30e0e7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de305fc6-b2e6-530e-91a4-7351f4da5993", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f7b39f10-56ef-5f53-ad02-e6854a3f18f3", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-framework-bom 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fe8f02e-6b5a-51e9-b605-ad76780c31b7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.0.RELEASE-tuxcare.3" } ] }