{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b50f8f8f-64cf-5585-a94b-b5dd776e8cac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:64b535b4-745e-5c61-ace3-7021863d80cb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00ca0023-724c-5130-b195-9f69bc34f070", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c38188f-8276-5694-8fd3-69ff74ceb155", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6259ecbc-b14d-525d-a67f-995ce2c96c5e", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:855e200f-2eea-50a4-ac70-3d51a075b378", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a567d23e-0581-5403-92a1-356418c24f3b", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f830d416-9b25-5654-aa9e-b97b12038472", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87dadb2f-abc9-5990-9d80-4eca7c3d2458", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a44658d7-9f0e-5db0-aefe-48926977c9a1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9acb5dc3-bce9-56ff-91ff-a215e6967c0a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e07bd81-d37b-5983-830d-145408577802", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da9515c2-c94c-5147-956c-4f97f033ec13", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de258388-1695-52dc-9f65-3298a4127e56", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51de5a92-77cd-557c-8af2-7d30f560544d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68eeedde-7c17-5488-aa86-30eea3512bd8", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23a19037-a3da-5756-8457-9c17fe69d560", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5973e46-b26d-5696-9cdb-e2bcf3a979c5", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1040b9ab-b109-588c-b6ac-cdef06f42437", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55cccdb9-d4f4-58dc-acf1-eef66a30bca7", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8520ece4-59db-52df-a300-db17a4aeeebf", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9ed53f9-3007-5fd8-ac4b-7153e3855f65", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:afe192f6-1416-5f09-917b-e55313cd4224", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ec62659-3090-56b9-9d78-8b99af8e1f19", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0c42148-0044-533e-80e7-073a121dd156", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:883f543c-0c1c-56d3-95cc-4db4c50a434f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.1" } ] }