{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3b7319c8-0153-5cc1-96ce-6537b8d1f468", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.37-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6fa64970-13b5-58d7-aef8-28ed7201e4a0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b43f815-45a0-5f21-9daf-3070ab61ac7e", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cfca2a8-8b1b-5f91-b4a0-857a798630d9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60260b50-1641-5050-9719-3eeecfc0c8de", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf667cbd-03ab-5897-98bd-de64eae67935", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d61705f3-0cac-5d34-bd4a-444c5d478461", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:902ddea4-def2-569b-b20a-cd7232bed5c1", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2585b810-573d-5f97-94e9-6a922dce4e43", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87dda4d4-615b-5a96-bb9d-3b5dfdc3814d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3c90c6c-8b54-5bb9-88ed-e915b757a073", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15a0c81d-7e46-5baf-8fac-2365196fc61e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:905c3773-1134-5673-ad54-00ca4c461b38", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:393cbcbe-ad7d-528a-bf1e-cf8823603d83", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.2" } ] }