{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8bdafb2f-0576-53ae-b3ff-ffaf6f03527e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:45b83818-8d67-581f-90d2-de6f23072811", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d261f120-dacb-5952-b332-b9cd9d37a07c", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a196b966-7550-54d2-b5cb-c553da1be1f0", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e48e603-2155-51a9-94a7-afd889b0e868", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee8ca2d4-8144-59db-8981-b708b7951c43", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27f7a7cb-5958-5203-ad6a-72a98e479b82", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5907d8c9-1d10-5c97-bd72-1251a47d7e2b", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec86fcdf-d36d-5338-828e-1e8845e3f262", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32da60d7-e503-59f5-a4c2-694722a4e0e9", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28991cb4-f962-55e2-ae39-acb592925855", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bb87697-ecd6-526f-9cc2-4bef4e87721c", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd755bf3-ae97-54f5-adb2-59b9dd18fa8c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28c15bb3-d5f1-5e10-a3a9-ab862cd8a0fb", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3156c339-0221-5947-bc25-7a92b79deb11", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f756e46-eba7-593f-a0ac-d3dcf86e6cbb", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3ba5c2e-e096-52fc-8d20-5c1a594d60ae", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1326d7fd-939b-55bc-951a-94802ac414bd", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4c5cd5b-f48e-5666-a270-ac32d8c26844", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2575b511-f109-53a0-ad49-7b7f3e2d6fb9", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-jcl 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7dfe7bfd-3e5c-55b3-8c43-fb014563e1ae", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb22e7a3-4c09-5363-9e9b-6fa0334f8ebc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cf09ee8-010c-56cc-bf92-04d6195431e3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c53464ea-3561-5a03-b980-8713dcd2352e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1ea202f-a361-52f6-a168-f750a0daab39", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-jcl 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72360782-0a04-5be6-a441-d4a749743e21", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.0.RELEASE-tuxcare.1" } ] }