{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:74f91884-c816-5ded-ad96-89f1b87d39a8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "4.0.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:006b5188-a08d-5f32-9fcd-0e219dd53b0e", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b87feb18-ea96-5d82-a2ff-7f862fbb3da5", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54501f1b-35f5-5ce0-bf85-97d994e5e9b4", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c5672da-79e7-5369-813a-26f2a6a1a732", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9522b22-8908-5ecc-a0bf-6c6737623816", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3dd6d76b-76af-5ff5-b518-9d9728bd1b20", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eaf7517a-f22d-5ca2-bc06-948702a5cb6b", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1324ee7a-88f7-5a4c-be42-3f9c505d932e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d318edd-5a98-5dcf-9bd9-a676ce827f50", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1daa738a-8350-56df-b0d2-970ff58499e0", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80bdcde5-5cdc-5c5e-ab05-f007ec820611", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b924a1c-8a88-537b-a104-493fbe88be12", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5630bf6-4330-5813-abbf-a1e4ec9e0228", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-core 4.0.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fc67d02-e3d0-556b-a997-6995c6c038c8", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec4dbcb6-432c-5fd1-9e85-ad171f26a03d", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fdd0efb-b00a-58aa-9be3-59fd41183454", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85fa7bb6-47ae-5644-aa97-b2a05a9d4c04", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42079093-dae4-5f16-953b-cb4f19468824", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d0c486d-6f30-5185-937b-d5a5a3bab1a6", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69b7eaf8-729c-568b-b866-55e7f96d8be7", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25403e69-64f2-5372-9aeb-34fb67ec932b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:649862da-c1bc-5b38-a2dd-19698eeccea6", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f22bd6ae-6058-5761-9ae8-12c1996fc08d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a55bee4-99b5-5c61-8191-218c35d20e6f", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0308a1c2-0a02-50c2-81c8-c7ebb79173cd", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:afc943ab-9e08-5655-92bc-0f375dd1dbd5", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79d14c72-16df-5345-923f-6bb5b3bc1169", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7bf1a5a-d926-5633-b4b0-50764b0d24ba", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdc8ad4a-0683-5576-961b-913cfc51a5c5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ef64fb7-e16d-5178-9776-a2f39aa7eb95", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e54873ae-887a-5de0-997e-ee0b9e963ef9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7293e5c5-c074-50c4-9b91-8cfce6583571", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0a07861-630b-57c7-90d1-225977e32b32", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3c23b7e-2fa5-5b95-b829-a4e112e226d6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6debe21d-7ff7-527f-b6dd-526776703bc1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2259974c-d938-5d19-9a13-a1efc2a14291", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef489b58-a405-5728-83a6-d1a091b1fec1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:559f1bac-fc39-5e1c-8834-6636f792038c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21c20c06-277e-5c54-8a34-cfe751b3cba0", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81c3660d-0401-5aae-bebd-c5066b1b89f1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0321952-f46a-5945-ac9c-90a1f19f2489", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.2" } ] }