{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a2df9e20-0434-5e1c-b14a-a9b6276a464a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.37-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cf9e2f23-bcf0-5fcf-a22a-14ccaed80c59", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f6beb57-5dfe-5c02-9df6-45f73b701fbd", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b06c02cb-e71b-5061-9ece-6a89de0d64ec", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c880d36-2491-59c6-8a0b-be7620329d06", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d0ce29f-7b92-507d-9ad2-83e489db2b82", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c8611d9-97ff-5179-badd-4ded92cccdb6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ac2a092-f4d2-56be-a34f-949d418ebe47", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:715c16cd-e79a-5fce-85ef-e9ab2fcfc605", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11d47496-cce1-511a-b23d-38da6d8e7ad8", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61313085-f95e-55e2-9376-d627033b379e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e62801b-4633-5a37-a732-6bd6c3a45c7c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c99eebe4-4fba-51f3-be2b-cfd6f6666d0a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5fa399ce-6c71-5f1d-a9dc-21d0fcdd4ab1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.1" } ] }