{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0741fe58-5c92-561a-9a68-97f6e5e44dd0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.39-tuxcare.8", "purl": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dfa050e1-99da-58e4-b26c-8dc6dfa8fbb9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b21c073e-36dc-58ae-9d72-641e167fa5d6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1eb47a8e-f468-5ada-ac45-042a7fae1f34", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7f5a0982-0fa4-5d0b-a4c2-8056c88e7ea1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:35489b00-cead-546d-b934-bbc1e85121ac", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8c7f1017-4616-53b6-ad34-62f8099761e9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e8274e19-8e06-526c-afd5-4bb8eaf17108", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.39-tuxcare.8." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0dc4aad5-e5b1-5500-be85-095f31265bc9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0cca33ca-264c-5b65-a974-785afa0a118c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3bf899a5-9ba1-5813-8ec6-55dee50fefdb", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:42eb21c5-11ad-5c23-821b-c100e9c4856b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:91c8b0e7-0c62-5b5c-9685-b844475b60d8", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.8 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.8" } ] }