{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c99321ca-2352-574c-a2df-f3afffd0b3a3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f35993a0-49bd-532f-a72d-c62a04384987", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c347860-0f85-5771-8752-ac469472fd4c", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60cd4855-2cd0-5406-84dd-c23566ff4b5b", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9250797-be2b-5ed8-b054-fd9fc745fbb3", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20dda62c-d9e6-580b-a96b-9b9da020f518", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b67c754-b3b5-52b1-9bb1-0c3870554bb7", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6e28fdc-8cb6-5333-97bf-1611a0f036da", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3ba3c10-9c0d-5f4f-b0b9-497f3e157e48", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65be537e-98a5-572d-9dae-1711292302fb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:085256fc-3db5-57a4-89f3-d9a7ec5f02b2", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bfcea68-4dce-5003-8378-a6d1a740b41f", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b30f8ce-e373-5354-9264-69011124fa5d", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3eab8e68-3ea3-51c8-8c48-326f4372d4ad", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6aa3fe29-1429-5748-9ece-fbd58dc347d3", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa092ea5-5f5e-59d8-bcb5-d135ef3f27ee", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1cea4da-0878-59aa-b367-4a403b20f2cb", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c87c75c-06b1-577a-af87-1ca1651122ec", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6a2957d-9262-520e-8308-14bd023bcf96", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5e98822-09b2-5cec-a339-c832cfbdd364", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-instrument 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fed8f044-7b5b-57ea-bcdd-982800ee09d6", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3a0d6da-ee8d-5f75-93fd-4d95b99540ba", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04533d9b-538d-5abf-8722-2a030804c963", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e0858d5-9d9f-570e-9e45-6a3ae432c981", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4eda7b6d-ec67-5808-82ad-1fca62d293ce", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-instrument 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b325a5f1-8ac5-52d1-b03b-5e11ffe3dc54", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.1" } ] }