{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:791bb347-ac7b-538f-8e07-e26650e80985", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "4.0.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:df0016d4-2a5e-5542-977b-c509f1a93c36", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d80f892-d18c-513b-ac0c-93e4db526186", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6957b7a-bec9-5a7a-86c3-efe33b5914b4", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16afa825-d940-5ba0-b940-59b4e1fb3b66", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ff935ff-d7fb-58e0-b816-96a77d90f848", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40468153-7e4d-56ee-8b01-24c1496dfd5f", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:87185b89-7ebd-5f45-b392-4afb1dd5f900", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07ff191b-67d8-5e06-b12c-677bc5ac3fd4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e24c7da-6757-5af0-8594-093311633b1f", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e54d577e-7d72-5568-b7c4-303989853ff6", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ddff241f-8415-5cc9-9f09-51c21ac46730", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a433791c-c058-52d3-80bb-f98f8d7a1784", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64345f5d-7863-5db8-951e-801e728ef45d", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-instrument 4.0.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c10b7012-06a0-5e8d-8560-6c7f0ca1794d", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a474ac2-0887-53e4-8d30-08f0de736334", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6327bb9d-4ddf-51c5-96a0-f6213a304e3f", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:138ad26f-0a92-56ec-ba01-0d46b2f5c500", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b89eeeff-c329-5ca7-ab85-6ffc6dec5c86", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac27cb4c-f223-54e9-8331-448df81fdf2e", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d7b5605-29f1-51c4-9b10-523c0258ffc8", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d73f7b6-8907-57ec-b1d0-0e9dfc8e96dd", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:057810f6-95b6-5583-adc2-5f00de9a9dc2", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f25be70-92aa-5bb4-aa13-d670eb790975", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ab6a778-6397-5f3d-b1ff-c2cd1cf0ee42", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aaa4c686-bd4c-571f-b2a4-49478c4f2f69", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8175014-4fa1-582f-8bb9-da97abc37a13", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32aa29e8-1276-5d7c-b081-8cb9462a3311", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15e91600-e40c-5e9e-bd03-994c761eae39", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c420b085-2e38-578f-b233-3b8ff24690c5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24622165-d131-5fa2-b611-48d4e639f610", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ac12bd6-900f-5b2f-a59d-4f4987257ce4", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d6fe103-ca68-5a90-8dfe-9887d7bb5194", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b75480a3-97d0-565b-9d10-eb6a98933515", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5008173d-44e1-59fe-936d-92b4c3914263", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d3cc2df-91df-5d7a-be73-af0a5fa35247", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:554d91d6-0d39-5770-978a-cd23f1cb13f4", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e336dfd-6860-5784-be6a-d40e67d96703", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c129e0c-2d81-597b-9c4d-9a31545d817b", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ecd2ac8b-4368-51f4-a025-149ebfa18d8a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d8f35bb-a84b-5e3d-aa7e-c8ded581922b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d675231-9e85-5e67-90c1-0fb81780f5db", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.0.0.RELEASE-tuxcare.3" } ] }