{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d5ef80f8-f2f5-5562-af87-94b0583f226a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bf906855-9587-57b0-8b6d-cbaf7d7689da", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3b463f1-476c-5166-a8fd-df9a21895bd5", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e454c6c3-91fd-593d-9d6b-6402dc40e6ab", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a28de518-418e-51e6-b928-55309365933a", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5288eb5d-e63c-5537-9e50-8d6d97e3e552", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fc297eb-57ee-5a62-99b7-5f5d90db4214", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0252fdd-0cd8-589c-9dfa-316734b8bdce", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e21cd2b2-a2dc-5888-a4c9-46dc27b0c2ad", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1510cd6-0060-50f9-b349-f204ea7f8f62", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b40c440f-fa1a-5740-b69a-bcff5166b41a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b90869e-2538-5860-9273-675457166d39", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:574092f7-c5fe-5a3f-9fad-03e6933a637b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2dcc04b9-3fb7-59b2-8e81-d14a069b6eaf", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1959a686-5d7e-59fe-895c-7784422994b1", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1274671-b63f-5f7b-9ca4-0ed7ac71ca95", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3bd242b-b396-529a-b44b-d78eabdac754", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a2ec6b1-664e-55cb-bd3b-cf08c747bafe", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84d07e14-7f56-59d8-94b4-b800aa227686", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50144006-b7b0-57bb-bb5f-419da9b65c93", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9794c5b5-f3ee-5f4e-80b0-bc3488571d01", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3b80ca2-3cda-518a-ac15-c5afe390452b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:222dd91b-a1e0-5a61-93a7-97d9cacd96f2", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59d7a6c6-fb8c-5254-b241-a1e936c87d3d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d73ca92c-0797-577e-9478-c0daa02f1028", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:597bc2ef-9ee6-5aa2-890e-13ede408d098", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }