{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7cb524f0-a59b-543d-bb11-39d5b2f18432", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b45c325e-a7a7-5daf-8ab2-11f5fa1e34d8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28e3fb63-f82b-5acf-bf0a-8464f5dcbd1d", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d91b40a-22df-518d-97b0-c9df78768b8b", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40f70d6e-0ef4-5a30-8e8a-8d5cec8ebd09", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:969d3626-0c1c-5070-9d4d-4f2e8a55875e", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d18e1232-4c13-512c-901c-481ae5ca0d2a", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ae86290-83d1-505e-a86f-b823f30d0d39", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ca06d99-8ac5-5833-a699-fc42ed47027e", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:619de1f6-a0b1-52eb-918c-b71e70cffa34", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5056909-fccb-53ec-b86a-3c037d1713cb", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c420f46-d322-5d53-8a52-52a21fe287d7", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a801ff6-3b96-525c-9c94-790be4bbf06c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7fefdee6-2aab-5271-aed9-fc942b430ebc", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce92049f-f26d-550f-81ad-44c418d7a68c", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8f0515a-46b1-5e4c-bc7e-7c90b353d2fe", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4baee003-1821-500e-bb32-6417f08ae8c1", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b7fc512-40ca-52ae-a1a0-aac2880d0fcb", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ddcd8dc6-7456-518d-b214-9d5971c277d4", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72fa42ea-d44e-5947-95aa-769b837a403a", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-web 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cef1a16a-1cf9-52cb-ac99-acf8a9f2a9bd", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed25c5db-d6d2-5f25-82d4-68bfd4875168", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a795f4df-3e31-577c-8f0a-f228df239e29", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c0ec91cb-5760-5736-b616-a87abd7f31c0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff7b2d14-cc2f-576b-a718-f82c4ac93d45", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-web 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07e9f34f-357e-5eec-8d77-320e962dafad", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.0.RELEASE-tuxcare.3" } ] }