{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e95c3b93-ddde-5736-bfc7-2180b3c30d6a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "4.0.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:84df460c-8d2f-567d-8aa7-74da66a7433d", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2d25ff1-4bfe-5833-b7fc-3bdc9ff2a9f3", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71730b2b-c1c5-5115-b285-fea4fddfd4e9", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d152743f-ef7e-5f14-a116-00e13cdaf297", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d93dcee-945d-5829-b56d-dd02582ea94c", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d784a230-eedb-528e-b07e-6c74a6cd7807", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76d048cb-f085-50f0-8cb4-3a6979f8b410", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18da28bf-28a8-5c35-81f9-d109a78bb8f2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99b00c37-ae7a-520c-8da5-58fae2c69d5d", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b627a3e0-b213-5d8f-9b78-068cccbd7a11", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dbb2316a-e513-5b4d-9f1f-c3260a57ee26", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ea8cae5-2b9f-55c1-bbea-51703e962e76", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76f9d32c-bd25-5baf-bee7-ce793c054d29", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-core 4.0.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08ca235b-0a82-521e-84d7-7711b0c2f08f", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92a5b53d-84b9-577d-90a8-b7e969840853", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa443d3a-5b8a-579e-a06d-a765f4c7bdc4", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c734542e-d781-5491-8141-769d1371cba3", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d629482-8312-54fb-b65b-fc50fd69e5aa", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5d10beb-185b-5f7d-b329-eeca1bb78d66", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:866870f4-7241-50af-b836-a7607cc049fc", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:556f25ee-0807-5198-b883-095aa1efaf67", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9c2294a-6528-57d6-9962-52aac92fb75c", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83d497c3-742a-5089-b72d-c0694065f1d2", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00a0bb95-f75a-546e-a4f2-31565ed3e0ef", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d57e02d1-c65f-5c85-8974-a1d03ef8c68f", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56ca4f21-bd53-5381-8933-6eca70aacd86", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ecf00c0-0905-512b-93e8-d1fcf3659a92", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68f0724d-ff19-501c-84ed-a105c19ce4f1", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e76b4a99-905c-57cb-85d6-aef9c999177c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0bca054-4466-56a6-a853-9506c090643b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2c31859-f649-5c62-ba47-c3c69c9a092f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e606613d-5c6a-5511-b014-fe950f8d3042", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e35ceec-8073-5aa6-a1a3-29c7218834a5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78b0e079-b90f-5dbe-8ae7-3e0d60a0477d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:603e02ca-1d68-59e1-a4de-44baff4657f0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee8662be-66f1-506a-a87a-dc3e93d2c1eb", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7b85be1-db68-5e45-bcef-a573f54ccb3f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a2a3e99-099c-52f3-9705-00bfd5cb409a", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2588359b-2789-5560-9c32-8bbc2cda7357", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d50283ef-025f-53d5-b4ea-69de9b83012a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6bfb50c6-47e5-5f8d-9465-d0548d7f4988", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@4.0.0.RELEASE-tuxcare.3" } ] }