{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1fd85968-44cc-53df-a218-659f4f18212b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cc12d091-b4f6-55e8-9a79-d472a8fc73d0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:055b884a-887b-5978-b56a-29b46536a333", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36608f8d-946f-5551-8f14-65f185585b3f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d0608ac-5485-5f21-a9ae-255deca17020", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:127f0a96-5aa7-5ffe-80d6-09d4dcfa252e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2f6645c-cce4-5ba0-94a0-47abee245539", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5089486b-4fe1-5fce-a576-8b2d8fe5970b", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59114b2c-03a8-5688-b989-296780f63cd1", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76811c64-caf2-50ae-9bf3-722c0dfd3e09", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98277358-135e-57ea-9049-7196f3fc50ef", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:664dc968-143a-594b-8096-bde5db8934cf", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17a00e2c-c790-5a31-af87-7a7e776724b8", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c739eb13-2eb8-5d46-8fa9-235a4f1aec91", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99f0f528-fc71-5f3b-bcbc-9034a7543659", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f08f01c7-ffa7-5288-811d-04dcae152415", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67dc8d3f-9ca8-5b44-9a66-2ebeff4d1a6b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d9f7004-b0ff-5277-9216-e7b5f0719190", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27.tuxcare.1" } ] }