{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6512302b-e8df-5643-bb52-9a2d20796a59", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.7-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9ea7e84b-2a74-5e72-ad7b-71c67e2749fb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ab5f841-3e95-57e2-a10f-50a162adce1a", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fefc4f8-71ce-5411-8945-3fb176aa742f", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ea7730a-883e-51dd-9d5d-d40248859663", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6d58ba9-93b2-5a1f-aa2a-61bc1a5e048d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6de9484a-ad16-5044-b775-6857837f2608", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be79a331-c49c-5fe3-b0bc-53496d9f58aa", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:478437a0-18d0-5aec-89a3-b729965627f8", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7de319a7-8633-5b40-9688-0d4f50db11b3", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:204883fe-ff7d-5119-866c-60a586cf5f42", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16fc192b-c2be-5aec-a30d-e69b52c73059", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49362421-5acf-516b-9212-53b0dd9d202a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f3149c7-ed0b-57fd-80ed-41c069bbc608", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e24ed95b-df81-5be8-a777-ec1bb3f08902", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ab27153-5de3-5ffe-86d4-5774d2b765b6", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80071bdb-857d-5259-a5eb-08c1344ea0fb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df939401-67d3-5001-9c72-46e0064980c0", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bceb95fe-7362-5dd5-a009-902cdfed67c4", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5880f4c1-9774-5078-b8e5-b02240c95796", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06bbb550-da6f-5ce5-bee7-1d6eb01a9e66", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5de118ac-e262-53f9-a2f8-5ca1d5e6fd17", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2dd069a8-1000-54ee-bc25-46b5ac4c16e2", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-instrument 5.3.7-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88d8dd1d-4323-5403-a258-a99b2e613703", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c74245c3-a6d7-510d-86c6-77bbedbd6358", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7567a4eb-1f2d-562e-bc63-a216e7920ce4", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be766e5a-34a7-5d53-b30f-fc335ebc4a6b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64a64e93-7d59-5d06-8f65-371ffe0154a2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.1" } ] }