{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:956f240e-ee97-5f77-be4a-8aae4591cfdd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8ca13bf3-1658-53fa-8431-25f27857dad9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:857e5d40-6f38-5529-b431-922b30e2faf2", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efcda9a2-32ee-5a7c-ad9a-e9788b828536", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66ccf464-4c53-5ae9-8222-11ab948a82c3", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:492c7ed5-87f0-5c84-b6a6-dec31f468734", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd81237f-087c-5fa1-9d51-c06ebf44cd4a", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4e10a8d-1428-5d7e-9522-03c73214dba7", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e43a62ad-8581-5b1e-ab3d-a0e379da7b88", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42a222d6-ff9f-57cc-8e6b-127c4a65303f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b687fa0e-982a-5e50-93d5-7d92cafac5a7", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80b47ab0-a68b-554c-ba47-4984c1f56e63", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0279c05-d17a-53fc-8d6e-2532b41db86b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb12c1ec-56f7-5111-ab9c-9f6b81ffb192", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a08eb11-338a-5e17-8989-1bbd5885495c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73f644ea-4d45-5235-ad2c-febed86f0656", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89f24d03-bd35-566f-bdac-79fcc48d98dd", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-jdbc 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0599d018-5042-559e-a61a-7d8bdb1b1799", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:515d26b3-8de8-50b5-b3c8-edbcfb7fa5fa", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37b79f3e-6ac6-5339-8b2b-280d48ffb4ec", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd37c648-b072-50dd-8c72-592f367cd769", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:430cb967-0d11-5c1d-828d-ae2f9f188609", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6250e323-e312-5fc5-8f9d-d6dbaf9c7807", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35eba380-63cf-505e-84f1-eb446802d117", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9a7e938-6020-5a4c-876c-6863e2957412", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4aa8f262-f212-5a54-a2f8-cd473317c706", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.1" } ] }