{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7e5ce529-3d5c-5c6f-9a78-50b95fac8af9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "4.0.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c1e18f8d-3610-53a7-a227-98ae59344c04", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1037c91d-0578-5d4b-89cf-2d4a7b837a87", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0bef0603-f69b-534a-91e7-e996ae0c028c", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47cd7ce6-9127-501d-a79d-b816b40f1d11", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a675ebb0-1ddf-5702-962f-95a24a56d3d5", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed295e48-e2a2-5b36-879b-e7081b1fef15", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3c6e516-9b72-5a63-aee7-bdec1cc987cf", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:22a4ebc4-23a3-552d-8758-7e47710e10b7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6aac1619-4dd9-5826-8318-a630b902d132", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:288103a0-8fe1-50f1-8b29-056af4c9c666", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d85187a1-9e87-5da9-8ba6-97528c58b3bd", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bbb0a69c-5347-5a38-af2c-ccfb9f218bb7", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:409b711c-cc48-5ddb-863c-dc2abc0ab3fa", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-framework-bom 4.0.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1aa1a4c2-04c4-5df3-8fd5-e9d527212c98", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a78830ca-1bcb-517f-8732-452f4ec4363a", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aac76456-a2fb-53f7-9e48-31406ec7355c", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3dfb9249-a3af-5faf-975c-af63024b04ba", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3b791db-e8e5-5fbe-b034-b4681c7e217b", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb403773-6fe4-5a8f-af83-d62ce910e709", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71d4d1e4-f653-5d15-9203-7a330235eadc", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42997c66-a04d-59fd-8fbc-74cdad6fe310", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffcfdc81-2d42-5819-ae2f-04ce18c4dea1", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bc6bfc0-eead-5f2f-801b-3846f47673d9", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:884fcfbc-7cc6-5b5c-8290-ababb6c4ba2f", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15603d34-d811-5b30-8a85-923d51954aa7", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bad2ca3d-3825-56a6-a02a-dce2287e7cda", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ac4510f-9a06-5410-8a51-fcc5cb3bdd39", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe1984e9-3188-543d-9fef-35e6de25c2bb", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:919da107-c371-5bc7-8652-ce46e317aefd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9989636c-7598-52ce-991b-40472de7fd95", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b57af0d-4006-5ffb-9616-660938f40190", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a9696de-bc48-5d86-8363-d348901f909c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ee6e596-8291-5ba4-89cc-52687af4779e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fa975f0-40a9-5cfa-a6c5-d3de1254545f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12cd32da-7ec1-5fb9-8476-eedb2fba0ea0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f1f1381f-e157-50e2-b1c1-fd112d66f70f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc2aa46a-897a-5229-b91e-e44a46f137dd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66acf6c3-62e4-502f-9210-0b5a362655ef", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd278fbd-2dfd-551f-a0df-536f8adb321f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e7a4514-7573-5717-a154-c04734d069ae", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9dcd870e-88cc-5d6a-b13d-ac2e278efbcb", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.0.0.RELEASE-tuxcare.3" } ] }