{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:026f4ea2-96c1-53c6-b5c7-4c857209d6a5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.24-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:07da8649-3645-5895-b7ea-784cf5a44ca0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:627fd2a2-fd6e-5dac-9371-4a8de404f37a", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:698fea5f-6e13-5cfa-9310-06536af1ba40", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fe19e81-de4c-5697-993d-06f4d2552648", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce9586fa-a3ec-5f02-9efb-4b6e6138f245", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d01e5c07-cbc9-55a1-902f-1b050818aad0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9cfa10e3-6bfc-53af-bbb7-4c55f5c3ce9e", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f497c202-c6a6-56d9-a2e4-1f023bf66a93", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b48a608-8d5a-5ea3-9941-0fbfcd688dce", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7396dedb-fd4e-5f79-9c42-a0067ba3e0d6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fca76d5d-26f5-5dbe-89a4-594f747b837a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a8875b7-5be0-5a8b-b6dd-7edd79bb86d6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12d8f670-1a5f-5d8a-a6b8-731067158fc3", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:befba8a7-0945-55ee-a436-763c89fef33b", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfd2daf0-b013-5245-9e03-7a7c8ed22387", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac142275-0bda-51a9-8c60-73d2975d4c51", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b5b338a-f47f-57d0-8258-9452c85659b6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fcad11be-9e1b-559e-91f2-ee3b23b76798", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14273eda-c66b-54d6-bc65-fc4ef122e30c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc480e30-cd85-5434-a4b5-37c8e3dd174a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa8b5825-a9fa-542b-a9c8-84d61b1bf666", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd8d637a-8107-5063-94a3-2d4a4c51417d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63c94c5c-c7cd-50c6-b723-89859f1c8bb6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78135f79-43f6-505e-a343-fd4a2ade1bf6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:39d39b87-74ff-5bc4-993e-96ebe52fe98e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.24-tuxcare.3 of org.springframework:spring-instrument. Patches already applied: 7052da453285658215efc1dd5ecb0d472fde2de1 (already in target via 2c11852775 'Backport CVE-2026-22740 to 5.3.24')" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5295cc83-fce8-541c-9c17-f90271832ba3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:554db214-ff09-5c6b-ba26-257696a715b9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de03038b-b71e-50e4-9fc0-39707da79abc", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9b0f2a0b-ac7e-516b-ad78-148de80a9724", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c64557fa-ce61-5334-8999-ca71a6c6ce0e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77e7077c-2d62-50d0-a2cb-77d879ae62d1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0fd2dbc-f979-5802-9675-511595a665a6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83dcee15-edd9-5dc9-aa3b-9cf69916c4c6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56dadbde-49ad-536c-90c2-6ad6ebac26f1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:644c94e0-d8b5-5c35-949a-b93b44c2aaff", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:581e4ca0-568f-533d-afaf-94c9342b2b17", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f47dce68-e913-510e-b725-94ff3dd36276", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98104ccb-21d9-5aca-9ec2-62d65bf58a8e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ab1ae87-25de-5544-89aa-79334aef5629", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.24-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.24-tuxcare.3" } ] }