{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ecfe5a15-e4ef-578a-8e58-e75b9877ef5e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.24-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1856ad7e-f5cc-578e-abf4-975f73b856b4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83a96f3c-a12d-53dd-8718-57ca70bd2031", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa44e13e-2cdf-5eed-8206-ca8dbf6dc725", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20d8dcb3-add3-55a0-80bc-0599560e63d1", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:677273d6-b753-559f-94cd-15b8df9ef07a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4d38f98-bc39-5510-87ea-54a301a4d954", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41fd6b72-8ed7-5c40-8768-76184de10569", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c07a1e29-6ce9-55da-85a0-8e2af0637c3a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:611abb8f-4bbc-5707-8eed-7bd84ebd53ee", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40d174b7-fa02-5fbc-8435-3abcd8e2b1c9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab71a5e2-01d7-5dde-8c6e-5d74846af54a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac64d67f-7b8d-524d-9d43-b2e6a387197f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2860692-95ab-52a5-b3ca-104a1b54d59d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77b270e2-5b63-5434-a16a-0a2646110bf5", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99d15adc-d369-5420-83b1-789e10ef1089", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5088a8a7-863e-5ea8-ba27-80ea41ec9614", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b70ca95-eec5-5e5a-9d3a-e96fce3bc95c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4dbf5cc-e380-5776-96d3-147bb3fa1069", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a016ddd4-34e3-59bb-a912-5d4b60317c90", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.24-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.1" } ] }