{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e140f81f-e5e9-5bfd-9754-64880b42171d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.37-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f2d4ee45-71bd-5795-aac4-d9df94bd08a9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93d68b9c-8204-5e01-9634-2bf089e28af3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b3bf6e7-cff9-561e-8135-d1d07b0ebae8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0400890c-e205-5f3c-8fbd-dd971438ff3a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e037fa80-73c2-5421-8792-d4425bf69fce", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ddcb6a73-cf89-5689-ac38-76880c5e8a06", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ca992e5-79d7-5076-b14f-9672a9412df1", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bef83caf-75f7-5dc7-b86c-9220f412c38d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8f30d23-abb5-5b2c-8c0a-0946530c2755", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:626b7e8e-54ab-57d1-a2fc-64d929014261", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13ad2f8c-7f96-5e7c-8975-314517e4a991", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77b0d266-8667-5f88-9ad0-9b601c6db6b7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81f93e0a-316b-5421-af3c-87f01ee033a2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.3" } ] }