{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cfcff67b-8b27-5718-8be9-9bb5ba5d8db3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9df91ccb-c6d1-5ed1-9340-487aaa6a604d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb5cbe4d-566f-5f47-bfb8-c01db9d89b1e", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:232ca038-c80e-5192-9164-d3d1a1b68a88", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b60f913a-ea46-55ed-b89f-f9d949b9a1ac", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ddff4fc0-b0aa-553f-85cc-8e4ad8537411", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ec8b611-30b5-5fb7-b776-a0c72c6903b1", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38a48608-864b-5822-b1b1-9531e7788e45", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56e99767-64c5-5882-a80d-e3acf257ef18", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0869b87-ddf9-557b-a994-cdb27f7c1e15", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b3614f9-7bf7-5806-8b17-f4c05fd4640c", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:907ed4c6-3207-5ff8-a555-48df1920d835", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:589a0805-cb8f-5db4-b853-78612e1221f4", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6cf292b-9d6b-5a1a-9624-e3daee265d07", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83f527c9-b089-59d4-842c-90f6bf4e41f0", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65ff15cf-0253-5bc4-8cc2-4e4a4f281da2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98c13e61-d346-59fe-93a7-29beda07e2cd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:720b923e-f60d-5cc4-8482-b889420713e5", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:706cc8f5-53a7-5acc-97d1-453f3315d019", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0a4cc90-5286-5c8a-83fd-737f4ea75775", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-web 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:890469a2-af31-58b0-a700-0432e5dabbc6", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c88d5113-9124-58b1-ba95-67b5d83b9b95", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa01a6c2-e1ad-5d0f-82ad-9de3829ce172", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e1d305d-2db3-56e7-8a7b-8b1afe8ebaa5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb8e05de-b2aa-50a3-8f78-51417837dc96", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-web 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9d79576-f4fb-5429-b9ff-7b6addfbca42", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.2" } ] }