{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:991ab192-7e95-5e7e-922a-f16e31e025f3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.7-tuxcare.1", "purl": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e3c4952b-da1c-59a0-ba83-5d2f0342d926", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b145fb63-c5fc-5e70-abab-7262c5af90ad", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bb156eb-f03c-5801-97e7-6940af9b87d8", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:caecc02a-fbc7-5438-9965-511174fc6efa", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88cb01ff-1587-550e-8f1f-b29a1bcb2f6c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05861188-4f8e-5173-8634-bf115de3b7be", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:082eb710-6559-5b54-987c-a456ac05d1b2", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63ed503f-c1e4-596a-b5d3-f8ddb1cca85b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f086c68c-db61-5e2a-97c5-c9b4d726f696", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da794d3a-75c2-5094-8c3f-74e63b287ec9", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b796b6e-867f-5324-9019-9bf7f21b95ed", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1ee72d7-4d0a-5ba2-bef0-61d88fa26caa", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b647b259-a4ac-55d0-8916-1684ba5f73d5", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf40695a-7523-5706-8dfa-d364b2cdc596", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bdbf3ec-0dce-515b-b3db-3b575fe692dd", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efd78da8-a777-535a-a120-05a6521531e5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d287c2a-9548-5bc6-a7a1-84cf2db1b367", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db43938b-d6ef-5fb7-b4b8-55828274ef45", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d4440dc-69b6-599d-b3f3-389ded23aa35", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f5f1dad-73c9-5912-b12f-d1e67c95381c", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f19e5e9-7033-535e-bc25-8a2a96848f64", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7a53403-d1e6-53fc-81cf-0b0df153cc3a", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.7-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb0f6128-61e4-564d-9de8-55397bc8a37b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f189517-5823-531a-bc66-e4e6162c4226", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a33833e3-d00e-542d-af50-04aee3619482", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad3611da-847a-508c-bc72-6cdf8f4ae800", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ed92bc2-8308-5f5f-8e5b-fdaab5dd82d9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.1" } ] }