{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:207dc4b2-37a2-5d58-8ff8-4ecdea8f2528", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:84326889-a800-5c66-9742-b1530e80a96a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c0b8ae6-9947-5a13-a262-6bb47e4346e0", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59a40c3d-c6df-51ef-9b76-c671e8c77c98", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f43e415-51bc-5fbd-8063-f2bc1a4c1589", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4118c8eb-17d4-5176-b289-9a3cbc480db2", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72be0552-df91-5e8f-9473-2d0a300e0bfa", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c4971ff-d93c-53f4-b42c-02e921cadbbd", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c850cdc-5d57-5001-84a4-80733afb8fad", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d10a736-2bfb-577f-bc1e-e9668e030ada", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ff72d68-63fd-5309-a8b1-63de01760b8a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47c8eddf-4139-5b10-9382-e46a90c0bc42", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b96d1c3-80fa-5de6-8118-dede72d2d55b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd097a3e-be49-5003-93f6-75ed9afd64f7", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9fb3bfe-1e86-5811-8f88-233b0a03b137", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:327e8143-971b-52e4-82ac-5fafc4b99818", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:045885ac-b9ee-511e-8fbc-90bf7ed2903e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0def1fe-6316-5524-bd32-44169b217c98", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9d11618-5eb5-596e-8431-8603a1a7c4af", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09438107-e6b8-5e7f-b673-bd765c2b2586", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-instrument 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b6bece8-b4ff-5743-8350-50a532d7ba9b", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9230edfe-0377-52b4-a055-e071df580011", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ca4799d-44c6-5cde-8015-7bc783e696ea", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf0b3c32-f1f1-50fc-a21d-5c171add9b46", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a210509-2af3-55fb-bf87-0ba80948cfe0", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-instrument 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:245da429-17db-5abe-b6bd-9629acd6b674", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.0.RELEASE-tuxcare.3" } ] }