{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cc96f880-c666-5cbe-ba24-95d6a952911e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.7-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:47338fe4-1b01-5516-bff4-b770c3467066", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cf6c4fd-e786-55e9-9897-a8b24d5194b5", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35899c32-1dba-5adf-b02c-141c59823aa0", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:930be9de-30b9-580e-b6c2-e37fd166909e", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2db66617-8d58-5781-b1c7-ca5c5b0b932f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d944374f-3e7f-5ff1-9c9a-eb0ca8e562bf", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62ff510d-82b8-527a-a8d8-ad049e04bacc", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:767d74a7-fb31-55bb-b1b4-40da3b4be25f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e57e42dd-9b2e-589b-884e-89a91e04a13d", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c8e302c-594a-5c09-9539-afeae00cec69", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa94cf98-109e-52fc-9b66-b98147a02738", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2be343e6-57ae-58fd-85ea-0efb432b5b33", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:876f502b-035f-53ac-a86d-6ca38eee4e29", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4e22b81-177a-56e8-b24a-3c8628622989", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e8a0855-724b-53b7-9d09-95ccc593b06e", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e1ef8ee-77b0-5f06-b981-91f1dba59fe4", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb875f87-31ec-51a7-b9bc-5374a03ebc83", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:704e1495-7851-5ce1-8888-bffc8959e46d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:386064e6-7868-5688-b9cf-185be136bf5d", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f51026c5-ce65-59de-bee4-85fa2873e7a3", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ea51b12-20e9-5847-951e-f94c2a2ad50d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31ed8f62-302b-56fb-b032-99c16ee5f468", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-core 5.3.7-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fffb2549-ac91-5d5f-9354-db83bd38f719", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:406922d8-cb59-599c-b0ae-0f299d8498f8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0fda591-7159-59bf-8c5c-e7e868c15810", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b077595-e25f-511e-a2bb-51e1fd512d02", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ffed3ee9-0a0c-5005-94cf-74eebe9d1647", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8039f29-423d-5fd9-bcbb-64ce26a62680", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5338daa0-5781-52b5-91ff-736fc5297e19", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44330eff-f985-52e5-953d-4ed0d93fe483", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.7-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.7-tuxcare.1" } ] }