{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fa75a20f-1768-5f6f-bac4-5d8a5b35f72d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "4.0.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:551225dd-a9be-551b-9cf6-219d6f34b089", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b44b8874-5b67-512a-8134-2f1a5e2a2fae", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ee1cd8b-0ead-5316-9efc-52700c7ec427", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85308a68-2d68-5d34-b0b9-1459585729bc", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c0a1060-54f0-59d5-8cfd-df50e73831e2", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17c594a0-1499-5f74-99a6-0449d0b4b04c", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c6a4caf-274b-53a6-bffb-23579ea1b9f0", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb2e96c1-1f93-51d9-b00f-4523a6ccbc06", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06bf40f3-deb0-5804-b154-72c274a84326", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d7865d1-a808-50a1-873c-20a26ce7799c", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff0a5e6b-6fab-56a5-b322-77fb085607f3", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b359499-c67b-5eb1-ba09-d1ca67a7be3d", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c8e61cc-6268-5b5f-9492-ce6f912c975f", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-web 4.0.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d950bef-5c7d-5512-a3a2-1d56a8de610b", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffabc63d-e35d-5937-8d91-122a875a0fbd", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fddec113-35cd-504d-923d-f78185694d5b", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04192f12-927f-5fbf-a161-93f1a9988876", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea5ebd30-ba2f-5d89-821d-333dc3691e20", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f45a823-44bc-5dd8-8874-6ba372063dd6", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed3b2190-ea42-533b-a488-71495192f0ab", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c442e341-b5c3-5666-b96d-2ad979d23e8b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e3f99e6-6a68-59c1-b1a5-bb74c8fba966", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b020c2d-8b31-5b6b-a77e-b9b0a5b139e7", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e710e3df-a8d1-511c-8b4c-0f0306ea4370", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e13b2df-0c21-5ac2-a960-113b423a5a7e", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f04e1978-50cc-5c1d-aaa4-3709f1a850fa", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c46968b2-11db-5850-875d-55d94046f24d", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e9fccb2-bc6f-552a-b1b5-52d6f2241d13", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0152520c-7d76-50a9-8e45-63ede3fac0ca", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e167a62-737c-5a92-acf0-c93d5e370b8f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bd092bb-9c24-5570-a48c-f4333d9ea4f9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21f14323-89f2-5b1a-a332-6013a0369d92", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc74afce-4cc0-5b98-8aaf-684e5e0152f0", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:362c757f-a94d-56b4-ba61-2c0fa97e17b3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79c65624-16e3-5ba5-8fac-a5ae8ee27129", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7d25fb7-d4ba-5761-8a2c-369b3b52c1c5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cae119e0-8b66-520f-ab58-18c164ac6325", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d5c0427-26c8-542f-a1d0-f8eb75debf4c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4e4d08b-e874-597d-b4bb-46152242e9df", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3cff2d6-0185-5a05-a940-d0fd837ace7c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51fb930c-328c-502e-8cee-35783ea27972", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@4.0.0.RELEASE-tuxcare.3" } ] }