{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e790cb0-02cf-5fad-9053-c20bf48ffd86", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:47fec4a6-7758-5d4b-a768-4c329de387fb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cab7503f-67c7-5978-9f2a-ccd41e576829", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cc0d475-7226-5d52-8629-a11fd25d0b63", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6454168f-1288-542d-b1bb-0ffde1b8651c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:189d5f95-86a6-59f6-9b89-ec0cedf6228f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ee98832-978a-5907-9a91-91d8a9abbf2c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebfa0e30-240c-5590-9e12-883e0aa45fea", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:679b66ad-4dcc-5349-9d5c-e6f6dc86cb87", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09c5c83d-932c-5170-8684-f5206cd1d6e8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:244bf285-c82f-5808-899a-97347af93470", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ee4caf7-6b7f-582f-9582-a38d95a6aa83", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b87eaeb3-542b-56f0-a24e-1b830530599e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77ddfeeb-773d-5655-ad98-a662cdb81a8d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a500130-f91b-5f68-9904-130a4a29cd5f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a423e6df-111f-52a4-b317-cf21b7af7564", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c6ed520-56f2-5117-9afb-acba0dd8d91e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bb430eb-451d-5031-a17a-8255f210f2bf", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }