{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:64acff83-876f-574e-9623-a9249d076713", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6b8dbee8-a554-536d-871d-1c7ce570719c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:484ac331-44aa-5ef4-b0e1-1c8a31754fdb", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d0c6186-7cd8-58dc-a77d-ef584469bf5e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:deb8e403-b016-5a04-9982-65d1c633f876", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3f23245-9621-5efa-ba70-fe7d7823c278", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8096aabd-1ee8-5aae-8834-a536dfdfeb75", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f390bafc-37d7-54bd-a1ba-49a78a5dc1d1", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d189b70-a2b8-50ce-9c42-cc3f1df7ecb4", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2531aa65-a6d1-5393-b2b1-db43e484939c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4d07cd2-9c99-5a2e-a088-2eccef40c95a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ee9c4b4-e157-51fd-89c8-fb1af3a572fa", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82e08264-cbb4-5a78-8898-20f90e958931", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-instrument 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:789c1df5-3f52-5bd8-a9cb-9305a34b106a", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c685e9b-756a-5e74-9583-f4b9e2ea7388", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c72a5b9a-9305-5554-80ce-b8e6fc0cdad7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:402c1b91-44d7-51ae-a7ea-8f725ed3941d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:415fa815-8453-5dc5-8aeb-20a1299bc790", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.29-tuxcare.2" } ] }