{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cfcfb1b0-afd7-55cd-8083-ea01bc43da07", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:974bb3cb-d8d5-55d9-be6f-512d6e979d43", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee284272-66fc-5104-8ccb-c792e4581f58", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9643fd81-6171-5ce6-bbd5-7cb63ba83595", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ed45b44-f06c-5225-b7a5-39032970ac9a", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c371d3a-8604-56a2-a23f-157aff6bf668", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6831e564-93cb-57d7-90c6-908da1b040a6", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87c4daec-d0e7-5e8c-b870-f207bd6b95b7", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d25d7365-b18d-5f9d-823d-92849c84d7ad", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb15a4e1-5ec4-518c-81df-662b94bf7d7e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7de3e89c-83b7-5f0f-ae60-574b2497a6e8", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12b398e2-83c0-5e68-b3fe-a7158b72e429", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e58ffea2-4fbe-52d0-af05-c64fe8e60cc9", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b31766d-0f31-5b1f-b84c-8e43a8137502", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c1dd52f-bb5f-545f-9246-9276ae8a0b98", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a4fca1d-0f0d-5dfd-a49c-d829ae86ef8a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e1911c3-049f-5174-bcb0-cd4159f49c24", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5ca6eeb-d15a-59be-b448-33d433327157", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec701bda-4aa5-5627-9f4e-488c8e48f140", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:489cceea-1dd6-5df2-9c59-5167384d1396", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-webmvc 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8dc4ae66-60e6-5172-8891-45b9fefcc4ad", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:becf0cf4-e723-58c7-996a-91b1959d9fb5", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:384d91ef-2227-5d67-b161-889da82f4711", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0871971-7e60-54ad-874b-82530a0a5e13", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8547d3d4-24f0-583c-af2e-b1ab9505b198", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-webmvc 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9550062-c31a-5789-ab86-0cc88a00d106", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.0.RELEASE-tuxcare.2" } ] }