{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:97d995dc-7b99-5261-a395-be10d7ea461f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3ff57c4e-d431-5cf0-93da-9d994b4ebc4e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:926abf42-2a3c-5364-9d9c-30a8ae9020ea", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:375e9dc9-9816-5797-95e5-569bcfbba5d9", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:df3473bd-e394-533b-94bb-36bece57e281", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5824729b-c055-5211-a8cf-3335886e4e26", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f0ce85d0-ece9-533c-8879-c96314cca8b1", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e4382b77-9c92-5576-a6f9-de566f07302f", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:52586b59-5013-5128-b2d2-c9b0976c7121", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b4198307-3cca-5cb9-9116-60ef6eb8fc5b", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b6520c1e-dfe2-50d7-a303-c89cd98583f8", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:452a1fcd-4e8e-554c-ac53-b2a588d6dada", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ab28000c-aea7-53ab-971f-5c725f0252d6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5533cbdf-953c-5625-97f2-34bee1886325", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bd6ee0bd-b4ec-531b-8061-7227b8c5a8bb", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:53e3c83a-44ab-5a2f-86cd-87110e8fbe3a", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:01e4d29e-720a-593f-8013-4976e1c60b13", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7d2c59b5-0270-55a1-bb68-be1fa8b90f2f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31.tuxcare" } ] }