{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e5883d56-2c76-5768-a4a4-6d03874e670b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.7-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:58f5e14f-00d3-5ea8-9512-4b7c536ab0e1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35f62db8-409d-5d67-b375-b12a15f7e8f4", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c216ec6-5bf1-5292-aed0-9c666d65cdc2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33ad2309-ae14-5ac6-8aa8-adb32f0fa4de", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97d12266-9abd-511b-8523-7119a55c4893", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d0a3bff-0649-5d76-9db7-91c4cba2832b", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46583ece-5979-5ac5-bd61-9468332aa7c4", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad3c095e-c526-58b2-8b51-7a3fdafbef62", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96ef7551-372c-5814-b94e-88155a70b724", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b432774-0835-5b2a-b69e-13b70bf76f7c", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96cf9c49-883e-51ce-95a3-9fd52d21d58c", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09fc7534-a753-5e0a-8344-82f3c9b2e46e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12570df6-baec-50ed-980b-67069b1b8ca3", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4271b005-5dff-5786-87c7-46654e279497", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a6db27f-b5d0-53a5-bc48-9aa3c24fd2e9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc17fb04-15ab-503d-94f1-cc0da77099da", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:982d59cc-519e-5a20-a4a4-d370ba2c08ba", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46e586ba-adf7-5815-9071-cf1d85f12b07", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85c000a3-0403-5dc4-a01f-80bb99598e62", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6d30d27-0ad1-5f73-a606-c3a3e0713dac", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecbdcd05-6bac-5e78-b51d-490363717497", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ee0926a-43dd-5893-953d-e88485f6a012", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.7-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd3ad247-a338-51a3-85fc-086ed09d0140", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cb50bbb-5c53-50f7-b496-cfcfd3d281b8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9518b32b-99f7-5b8c-a500-8790cd47fbfe", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da426506-b1c1-5117-bfba-ebccb4ad5dc3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd7917d2-696a-5c3e-94ac-0084e81f1c24", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.1" } ] }