{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6611bc2c-af90-54db-8d24-c8af997f1fa6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.7-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9393568b-d1b2-523a-a492-1a7f74711a2d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acfd7b60-b414-52a4-a06f-97d9f7a4336a", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be3362ae-a558-5b10-9b80-6ca74a4fc56c", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65e6b5c4-404a-5f8a-9f51-5ec542cae5ad", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c902c7b0-6fc1-5f85-ac04-084c9f9e9d6a", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9619fed-80d8-592d-b35b-807257ce1baf", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1af854ad-202b-54dd-9c75-797c0bf7380c", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fccad0a4-d310-5c29-9ac3-61d39401743d", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0eaab94f-9943-5fa7-ad60-8c0ece528717", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0275fa3-3e5f-5ec8-a86b-5b4601012c60", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a3531d4-69d9-5262-8b20-27af24dd37a2", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcc960b5-df00-5a17-a02d-5bb51f494c2a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3c28d86-4480-564f-8246-8d4c04a51765", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c245a62-b81c-5d95-b548-69b2410fe609", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c1f2205-7a2c-52d3-a254-c66df7debf59", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30a8d84a-f563-5b8d-bcab-f02ff5677608", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4b87795-ee2d-54e7-8e44-8347ecbb9ab9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66fe2c84-ed24-563b-a43b-7cddc9d778b7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6d3394a-572b-5901-8213-00adafa854be", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51bdc563-5faa-59d7-ab8a-e765df37f5c1", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c07e3762-f251-5860-a457-3858de07b540", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b1525ed-94b5-58ec-bea0-62d95edb86f1", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.7-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:166fb87c-0be8-5758-90fd-9500b56b2a39", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a500cbb-b73a-5c52-b2f0-957a80afe741", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:faf17f10-2ee2-56dd-82cf-49bc7dd6ceb8", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ac146a3-bdf5-5c2f-8c35-cc78b8b618c5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4dc32a8b-4cf0-5c53-9cfb-ee39ee269e4a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.7-tuxcare.2" } ] }