{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e0fa791f-7b47-527c-8f67-19dd83ad5fe3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.24-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7cda6f8e-4fdc-5b66-bd73-0e24b3dd9cd4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:690729d9-c698-59be-9b11-079b57e90727", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43b891c7-2bfb-52d6-841e-c3daa44e5fc7", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5afae8a3-789a-56e5-83ef-22b946e29705", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f42436d5-672e-5b05-9274-d37a2638890e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02be46c3-910d-522b-a748-9207e8861784", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b289c3db-8d53-5c78-9382-791418b040f0", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0051cba-4f8e-59be-b615-85d30efe4dc3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d143240-d3a5-5ad1-b7f6-9851bb030284", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63cc049c-bf61-5263-be91-5937b3ba5982", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e48af977-2941-5131-a532-312fa07677f8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ed8e02d-e774-52e9-8590-88a251549d55", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f88cf974-84ef-5145-b962-952c42ba98d9", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8220113-1337-5a11-80bc-da0fbf2e25cd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59a96da4-a11c-5a42-8c17-eae76b9b2d1b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8e683aad-6e2d-5f1d-a0d1-2811447f7ccf", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff540278-254c-5b66-a32d-c65fc424ed3f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c732cac-a233-585d-9596-a69fa192eec7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0b40fa1-f3f7-5d1b-99bc-c79feeafd134", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:797ad456-c270-5582-a846-2fa433568d79", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:838d7dba-d391-5499-9815-15f37762cc5a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2c13c0e-8929-5ef2-8b44-3327859e0eab", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79a69839-89b8-5dbe-9696-f04406ac2481", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9524d32d-342e-5804-ab15-81fcd36614e4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a61adc1b-6df7-5c29-bcca-c27318548528", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom. Patches already applied: 7052da453285658215efc1dd5ecb0d472fde2de1 (already in target via 2c11852775 'Backport CVE-2026-22740 to 5.3.24')" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15e1ed69-5c22-5d5b-96c8-897a386cbadf", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30bdb999-2137-57da-8262-8ef98c61ce08", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ec48209-6548-5bbc-a05f-cbfeb4be909f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:755e1297-e10b-53d9-bfd1-de213aa7c7ba", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7f7378f-7354-5501-be98-aff33d6d7973", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60e9885d-802e-55ea-8f0f-0b3761196eb8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6ccefcb-1811-5706-b138-cbf8ab8f0315", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6187da98-afba-57ae-85ca-0e9ea6cc8e3a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04ca5dad-c8e7-5346-97dc-c9e26d6770bd", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77fc82e7-fee8-5322-88aa-9f8ed967e311", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:825ff39f-22db-57ee-848d-ee7414c06ef4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4aeefc52-fc9f-5c00-a9d8-0937393167d1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a11754eb-dfd0-5b40-8573-aff48056b961", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d17b7106-7748-570f-bf6e-3047829229ed", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.24-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.24-tuxcare.3" } ] }