{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:543c047c-5249-5515-b7fd-6164feea79bb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.39-tuxcare.12", "purl": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:df445485-ca25-5504-a378-7fcf37cbe800", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:e77c1ff7-b160-581c-8ae8-665c4057ea3b", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.12 of org.springframework:spring-web. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:82f80cab-b9c9-58e8-9203-78a63d1d74b2", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:fce19c9a-a23d-5c9a-8d07-4818dcb37340", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:40e3059c-396a-5e33-9827-a15a7d74c941", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:7752d44f-f502-5e60-8b35-b6943c92b53b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:059f970a-e808-55c7-b3c5-627c2ef2b5db", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:fc52f552-bee1-514d-b003-4a31915fc2ef", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.39-tuxcare.12." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:82eb34a9-2726-5e44-99ab-0026a64215f8", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:c16590eb-e436-5c33-b851-972b685a1c4b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:19d56ec7-6626-50d4-8aed-8770da36b203", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:80c5612f-86d1-5499-9aa8-d7c134904ea2", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:c1eef766-44e0-5d13-8fb6-4f26396aea94", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:a8770609-5c08-5f9a-83c2-196e73a40e9d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:f6ea21bc-4917-5b6b-8a35-8d187c17655b", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:c43c340c-3653-529f-a8d2-58ea2e2869de", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.12" } ] }