{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:54c32ae7-aae8-5df1-99d3-c71cceaaea5d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.39-tuxcare.9", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b5ba6975-824c-5d07-aa07-524c976ad426", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:374e8bf1-b535-5d99-a2fe-f5813a1bde96", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:3d07b8e2-5cd4-5352-9362-59a6f6664c3b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:bfc4d076-dfa0-5a31-8ced-68feea668f5b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:000f06ca-c927-500b-9329-8150bd28c147", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:21d4b01c-4241-5188-8398-9e18e2965a1d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:25e3cb22-c659-544f-bc42-9446f7f4f056", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.39-tuxcare.9." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:e57875ac-c3d6-54a3-a1fa-bd3c7ea6ca07", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:d93c2f55-2f73-51c8-9654-3987abedace0", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:53d0bda0-7f19-512d-bc97-0b4fafc69d41", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:e612e4f8-5e69-5d98-8005-586de1660ec5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:5e53ea14-fd72-5745-9e82-7ce897dcf74f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.9 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.39-tuxcare.9" } ] }