{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c2a68498-33a6-51db-a7f5-73abf18a19d6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.7-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:59ac27f7-e1a3-5e50-91cc-f5426dc70868", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19ffa7d8-8e58-5d4e-8998-5df99b12af45", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6c37df1-bb27-5ec6-9adf-04bb19bca6d3", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f268b82-4e87-51c7-aae0-482d9a084501", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d6eacf9-8de9-50dd-91e9-85dd088cc491", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52e62d59-6e9a-5308-bcf4-6f84ace913be", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e348877e-c3fc-56eb-a551-06f10a12606f", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dce3369f-31cf-5c56-b28a-2f69023a8708", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3dc5ad4-0b20-5cc2-994f-d0625189750f", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e1860a3-d08d-5eb9-8630-642109bf8adc", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d152b554-56cf-5757-ae5e-27cc99ad2ffb", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b2e497e-8be6-5d44-a465-891f19e0aa05", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23b85357-814f-5443-ba41-cbee3333ed82", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f981fbb0-2342-5a69-81da-ad6023dc67da", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffe3d2ab-2507-5cd7-97f0-a93f7e0c8e16", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe52ff8a-5157-557b-ba97-00aa2a297910", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f373520-7692-578f-879b-51a9cc136962", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b4c2f38-5f87-57c3-bfad-16e79b1297e7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:935ae9a8-8445-5daf-bf5c-990b5074de14", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f8b99f7-e65f-5471-85ec-c9c7418d75b9", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:416831e0-bc84-5419-b262-a0d66e0b523f", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52957b63-7a42-5379-881a-6ef4633cd645", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-instrument 5.3.7-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a116fbf5-f42f-5750-9c3c-aa191ad96704", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fca69d0-3d88-5495-9cb8-2cfc0306d34d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:580e4940-7260-5b8c-8fb7-bed31c06af9b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4043e8a-8e0d-51a8-bffe-e0245e3b6ba7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e1980f2-bc58-547b-b6e7-31ff6fef4831", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.7-tuxcare.2" } ] }