{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2ecdc0b9-bcb0-531a-99dc-cd0a4e65290a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4ca90b90-01cd-5c59-9915-1ed4756555bf", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6eb4fc8c-a81f-528e-9565-e58c1c7945ae", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d45cb3c-110e-5a76-8898-085dc7ab2ad6", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f1bf4b6-af23-5ebc-9834-915a4160e46f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2843c8a7-cdb0-5237-afe8-020d2053a57d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eed6b00b-7a07-56ad-abff-4a8d37a0e57c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59cf47c3-b016-5534-94f6-8d834ed64bac", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:280e3b5d-b635-5b8e-9f21-a0b7317d9ba1", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3690c8cf-9e3b-54db-aa21-8c2a6140d234", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73f782e5-e9f9-58da-8589-095371ca7a56", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ac2c765-65fd-5de0-9d4d-98a17490486f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d394bc2-1f6e-5dca-822c-b9af939880be", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7489a9ce-f95a-56a9-8223-4e242a489045", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:951115bd-e098-595a-9445-89d375c78f5f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b497ffa7-8a22-5d57-b194-dcc9733a81f7", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6980ff98-ba81-5e43-932c-dca59ed18cd6", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-web 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:493491c3-da03-524e-83fa-24573f73d9b4", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fc0c4c7-b655-50a9-b971-327bb11bff34", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef569e67-fa08-5d6e-b86b-e438f6a11cc2", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a82eded-1c28-5ead-93c0-65a3dcb882c4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b312bbd8-9fa4-5160-9442-1db59bccad1f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b5ea4df-f978-5ab6-993d-fc52bb27fa64", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4479764-02f9-56c1-a132-8f70f7ca5917", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28972cf2-4d34-5d7f-bd79-fa22641e5fdd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5db6c939-1bc3-5f54-a813-a6a02e0a62a9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.20.RELEASE-tuxcare.1" } ] }