{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:be4f4f33-920a-52d3-aaed-9afad1c0e491", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.39.tuxcare.6", "purl": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a5c1a53b-082e-576b-8f67-b80a74e94d5d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b11b8295-d1ff-52d8-8da8-582ac58c9ab0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cad2519c-a1ce-58a1-a4f5-d0e4971a53fb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:94340b6c-9282-50b1-93ad-a691c8548c43", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b35f49d1-2a0f-5272-a3c3-285e816d9106", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9e3e2cc8-c053-5303-8d3b-18792304123d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:87591c21-08e1-51f8-bd85-fe496a4af7d8", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.39.tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7783460e-3120-5704-834a-0ff53984852f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9b3dd0a2-3ea6-5809-ae09-68fa86df1e64", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3e750d6e-b059-52c8-b1fd-669126e451c6", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a221f998-f9c3-55a9-9f0e-e58de005536a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:502e9c96-cb80-5ef3-b79e-41e5cbb1a916", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39.tuxcare.6" } ] }