{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:94cbf406-e87f-5c63-95e2-5f527ea15206", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.7-tuxcare.2", "purl": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b216bcc5-1a94-5abf-83bc-5864ea376a92", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8e3a886-5a5b-5901-916a-ea381f750d4d", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:351ef6bf-3579-5c3b-a23f-5d9ff6b7283a", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b338bd5-7f6f-5909-8a82-79e9ad2687e6", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14ac21b1-bd8a-5d9e-8eca-e8a6fddf0bf9", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:068de1e8-2eba-5d38-9d9c-75ac252a24b4", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dd51623-c49e-5df1-b447-963db57b3fd2", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0126d06d-6073-5155-9a35-d0653dfb95fd", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee2c8d45-7a45-5765-afc2-ed431ac3b403", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20f10d1b-9aff-5bcc-b299-d0bd8167b427", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12c3f3da-96e7-58b2-be57-da02edeeb011", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f49882a-760d-5e90-a0f1-2f29ff66156c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a559d2a-b5bb-5ef0-81bb-9f7fd04b24a7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f9591c5-365a-58f1-8a93-a0c8e30cebb7", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e256c26-6f4d-5aa7-a1f7-c5897912ee7f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9be558de-a456-55fd-9805-100cd1ebca91", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:030130f2-877d-56e7-a8ed-a665a0269c49", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8965bdf-dd67-52bf-a7c9-58aad8bdf193", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f22f09a7-2ff0-5517-bbc2-7cec4439f2f2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:660a5d5e-bd57-5846-96a8-cd55db68a589", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d3ea007-5a96-5676-84fc-81341f70c5cd", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65441f8c-3f1a-523e-bb55-1c41d01b3dd4", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.7-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f8dfe33-c8d6-5508-8acd-6f3c8efc21d7", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f32a265-c022-5f4e-a675-fe774f5999a1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cd33b98-7642-5a77-9bfc-5a69ea8a5907", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4da091f6-ad0c-52e4-b43a-47e537818ea6", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0679825f-5930-50a9-a636-bbf26fa51ded", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.7-tuxcare.2" } ] }