{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0ab04a94-cf67-5b9d-a132-1dc83bf7b229", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0063a97f-c5ae-5699-af53-edf6463995e9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2225a6e-09dc-5e1d-983c-9f0a85131562", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a356d02-d589-581a-8112-10ed3a9a1dc7", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b634026-1a61-5971-9992-24202e633069", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3aaf3fc7-2de6-55e1-984e-c05c31fee7fe", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94569d5f-2dc7-568a-a425-261522c6ef38", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:591a1311-2fba-5162-8cc7-3284d1fb4a89", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34675329-306a-52a3-8467-01548c76a74c", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:966c38a7-60a4-5e11-8d47-18f53cdeae75", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1ba4484-17c1-5bf3-863c-85d7830d139a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:875f6c69-a52f-579c-b55f-f00b0103fc42", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b11332a4-b81e-5469-ac79-065d906d2bfd", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66ca66b6-122e-5875-b9b6-40ef53e92d49", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94d785dd-bcbc-5a1f-a25b-6d35a4ab5494", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b39a6510-99ea-57d6-bf64-3330a228ad4e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe04a8bb-e22f-5908-be3b-175b3064c8d6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25f7b2c7-cb8a-5dfa-ba58-6cfae15476ee", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb4c7ff5-9384-5fbb-a2b7-474f30b914bf", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93c84c2f-8b4d-5feb-b5c8-82c5fe2ec911", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-instrument 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85de217e-a695-51b9-912a-22a776348a54", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba262d42-a65d-5d60-8507-18728e37f264", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9250627b-c2de-5bf6-9ea2-9c03bc07c5b7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:771390b6-660d-51ed-9d5e-82392a170683", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:190ae7a7-9ebd-5102-957d-725a1a3fd78c", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-instrument 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9ed590a-cede-5f52-b2da-5e972bc26f7c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.2" } ] }