{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2c97592e-f873-5bd2-8027-c997dff7d5b4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b727ec16-0d36-53e0-8fa5-e30c74fa44e6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1d09df8-89a1-56c2-91d2-3b1783b86111", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a672932d-8a33-53af-844c-e092cc81b425", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78590c16-bce3-5930-9b14-276f053055c2", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03541145-ba1d-52f9-83e5-494ab8770ba8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6065cbae-2e3d-5e46-8d7b-f3a2fcd8a47a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:535bc034-6219-51a3-843e-8375f7a3fc70", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97a02782-29d5-522b-b3b6-5646c773a38c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a38bea1-ed42-5179-b66a-d0f33a6a3879", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e3cf1d0-860d-5c78-8c8d-e0d0890afde9", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd139ba7-5643-5754-b142-e99f985c9738", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0b868d1-557b-5a9e-a7c5-fda674773c7b", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da929344-a691-5330-bf45-cd125c629046", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f7a151c-0b33-5a21-bb06-c88f4b83aa63", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f6db00d-f9c6-5b2d-83a3-ee19a6ce2221", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d07415dd-0a3a-53c7-ba60-eadae721a86b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28b8a272-c5f0-5809-a4da-77d3d1809894", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27.tuxcare.1" } ] }