{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9950ece8-c898-533b-a7dd-bb174fbcb791", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.7-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4920a40e-db7c-5ac6-bb71-fd440eea4faa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bab9ea90-3b12-594a-94c7-6764b89ff25c", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36bdc23b-4398-5f03-9529-77874a40f509", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fea16cb-e0ad-5320-834e-f167619283fb", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22989269-7981-5bb5-b1b1-69e351e2dcac", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4192021-100b-5025-94c1-581f3d116b0f", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8abc434-1afd-5226-a37a-2716b9a9bb66", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8206d31d-cdef-54e4-90b8-0e8b1c10a999", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72c0cd85-8f19-53a7-8ecd-200d1afc7862", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f3709fe-b7be-570e-85d7-6a24f10772bd", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6aabf844-bc18-5e4f-97f2-d56925984833", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e644abb7-465a-5c6f-81d7-e76cd447e779", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99690360-5794-596f-bf36-a1503a419941", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1ff4f6c-0a37-5b3c-a287-1e297f334386", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23139e2f-64cb-5720-96b2-097c6ee3fc9e", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d386b83d-ebb6-5b80-bddf-18d3cc06af5b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e036b103-46c8-54d6-b2c1-15169f2027d7", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0a5d604-212e-5f36-b07e-81388ad35e1d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1096c686-add6-5582-b1d7-bc39db844f94", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9597724-b3f6-5207-a227-2e9ceb51e5fd", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53d38f14-5d5e-5631-b754-c18c2b48d338", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7701199f-07d4-5e58-bea1-259ec02325be", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.7-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02f46e27-255e-59d1-99b6-a6e6b061b273", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fede686d-0ecc-556a-8cc2-344bafd11f02", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:967cca40-8b66-57f3-a9eb-49b0b5726b8a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8163e686-28e6-544b-ab57-0d9bd082b0e4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:612c690c-1067-5d61-a59b-c306309a6a12", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.1" } ] }