{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8d8077bd-eab0-5f69-bdea-80556f93440b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10ef3dc1-0d40-5683-9566-55a2cd59a267", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d72017f-bdc7-5dfb-a7e2-59d3a21dc262", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56e75d82-03de-53ec-8c1a-0d425c02bac2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:257d3cac-2726-541d-8870-58c3f6d3ef7c", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eaba930c-fe27-51dd-9f03-e4415d704735", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71662aef-ce00-5981-88e7-a2ffe3f63971", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2eb992b-8cd3-5a16-89e2-193433ad2cfd", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca317702-7713-56fb-adeb-259c0bc925aa", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8f1081b-1e92-5f18-933a-c35496e29b95", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8a4245d-1000-5c5a-a2b2-bc8fd6fd05d1", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3f77dc3-865a-55d0-8f55-35ac0337507e", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d353c38e-ac04-55e6-98e8-03b5914ccd24", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91cce9d5-953b-59e7-9dae-05627ab761fe", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e63f15b1-c432-575d-afbb-54b028af340c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04df015c-cfad-50ed-b493-102e2c79a70d", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b09b879c-a99e-58a8-9283-9e0b9e56ef21", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-core 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:396a30fe-7ac2-5b6c-a40a-af2e3f8f62e6", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01e4817c-d993-5d07-972e-28955584316c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80e98a4d-133e-5362-b0bb-18583dab40df", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88ceecd5-a8ed-5227-96d1-f8c6b5175d7a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76dc735a-4a05-5fdb-8eec-7e958ad70c90", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:487fdb15-70c1-56d5-83c8-4dd6a624393f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3aca61d4-46dd-5a6d-9ff4-3f156c4c67c6", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24519ae4-0ea0-5fe5-99f5-788d0ea01b67", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45743c75-5e8b-5731-93f7-5252e189a528", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.1" } ] }