{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9ef9def6-f3ad-5638-963b-b6341609d95b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.7-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a58e7a99-09ab-532b-9d3a-0199bf3151e0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cab34063-e5b1-51ed-867c-3e64144f40c2", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e81c665-1dac-5085-ad9a-59af829086b8", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f21274a-7c85-5a75-820e-8fc4ff95d6fe", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fc76503-04a6-5a76-99e5-6f57bc465175", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66b8290b-c74f-5bac-ad29-e8f80836a605", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:779fca40-a296-5af3-b6ae-8da9def5167c", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:590b0da3-d2c1-5a56-8574-ae7ce6c20def", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4038596-69dd-5899-8175-d142022a624d", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce79d669-6bfa-5b8f-b35d-6d0f3d8097f7", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:044d76a5-bb3e-530e-8cf9-e98635465d61", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c70dbd8-56de-5fbc-aed8-db2d543ac69c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51f1df6b-11a0-58f5-8560-49574c1b5c04", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0585b8a-ede7-5fd9-9975-6eb4c71c9e65", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:607c666e-c04d-5944-9a72-b325513b6802", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d4894f6-eb34-5a6d-862c-ea8544528a01", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2517e955-0496-5aa1-b19c-7559cf4c6113", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66ba8af2-4a36-500e-9154-943397c124f7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e43a4ecd-0557-540c-9be7-a8bef354ead4", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:915b84fc-6e25-5734-9b51-0e870df83ae4", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38b0daff-53ac-507c-938f-db04f135ef9f", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ee1ff1e-c7b9-5f6e-b4be-6ecf37e8aa1a", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.7-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bf96844-53ea-53e0-9400-a96228d94453", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50d6086c-45ef-5e51-948c-730719851d81", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35cf1e7d-1ac7-5463-a33e-7dc7ec581166", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bee1ef20-4440-5370-a90e-67f2a4102b91", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68413dce-da2a-5d9e-9c8c-54811776e449", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.7-tuxcare.2" } ] }