{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ca33d49b-ae80-5560-8939-823074b6009b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "6.0.23-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:49d04fef-fff4-5c0e-a88d-3acaa7f31883", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:578edacf-85cd-56c4-8ce7-437a480b375a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1ddce71a-0240-5037-8606-9be56e13abe6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97267ace-d806-5ed4-ac8e-3425954577a3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:54eb493c-0b1f-584f-8896-aa6fba20ac0a", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5b171a64-29b2-5873-ad39-f6a4a22c1f5f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:931c9aed-ca0f-5006-af4c-0a22179e3ac4", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a4255bb-5cd8-5c08-bb24-f01879ae05a5", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3424eb56-4952-51d9-9756-127d6f87ac49", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb6e0778-5a7d-5e85-a97c-f5a384e012e0", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b11fca8-b1d9-5868-9685-0789ebe997d0", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a959e17c-8be1-56f8-b077-b5d695a76a2c", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15e96df8-0849-54cb-b17c-81a1e88b7112", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.0.23-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.4" } ] }