{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ee407efa-4c24-58e0-8a34-18bcf19fd637", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f564158a-33b9-565b-94a6-ea437617e1e5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07ffc3f2-26b3-56ed-9645-7550b6754586", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a95fe3cb-a92b-5105-b551-cc153e28ba1b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9f7535a-0bdc-58db-82dc-c787fee16bb1", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5005af34-b701-5f1c-a5f2-2a6f6639d8a0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ab199f5-7b19-5cf4-a437-e7b0513d33b9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5592faf7-ecf2-5311-96a4-d462021b18f3", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46696b89-afe8-50eb-b684-22a82f9793b9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:802b3b91-b0f1-5a57-b773-b94c192620fe", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec5796c5-5897-5b1f-9fd1-738fb42ea761", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bdcaf8ba-3aab-5cf3-9d0d-64f9212da589", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68923f33-17a1-55b5-843d-b4770853d6b1", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59ab7ab5-2882-5296-b218-88ee4fd04891", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:208017b4-3f48-54ee-b31a-b8e9b8441b3d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e838d3b1-f201-5e8e-af93-094cff78fa43", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d034421-b229-594b-99de-da74da894b9f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c990ba33-38a8-5e13-8220-4581bb6feb7f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }