{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5b887cd9-6200-5605-bea4-5a689e45c9e2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.24-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2e58f6b3-2000-5916-bc5c-b6d293cad803", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04f40796-c7f5-55b8-a11c-2c956d9c93be", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2379de6c-aa6c-5b3c-af82-406f7b0dae48", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f767fc6-0679-5601-bcd5-757cb979229a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05817d03-1d64-5138-acf7-595a13cf9c29", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a573e8f-7bed-53fc-9771-386dbafa9a39", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63a44534-e20f-5f47-b2a7-5eff916e4a07", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a733c644-ce27-5301-a241-5384d1536c56", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:364d896f-ee78-5adb-9955-720d82542bbf", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6955712e-052d-56d0-8f08-5a7fcfd8a950", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f3fa4d3-4ed4-56ac-8d04-92a47e8917f8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55d11dd4-114d-5209-bc91-60e595f04698", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3a7cced-2808-569f-84bb-98cb38a6a145", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26727d39-01db-5dad-901b-25d4ca1adaa9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d11bea5-3bc8-5ed6-b2bf-48d9cd9b1066", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f75ced33-6ffa-5002-9449-dc4f17f86989", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2a39594-6571-5e70-8d03-1eb44b4ddbb6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0802812a-b03f-561f-b3e0-a3fb2fe18f2f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3e800f0-3dea-59e4-83bf-2477821c847b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d648905-d71b-528a-af7d-a624cbb375ff", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96214f21-7133-56d7-8ac2-5501f5ac9d26", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae673655-28f6-5156-b298-c43781dbdf2b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60fc004f-f264-5fb5-8001-5a5f0929a4b3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a70e1b9-5a60-5a1f-8963-0110edb8391f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5dfecff0-f8a1-57fa-80f5-199dc2e9dbd9", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.24-tuxcare.3 of org.springframework:spring-web. Patches already applied: 7052da453285658215efc1dd5ecb0d472fde2de1 (already in target via 2c11852775 'Backport CVE-2026-22740 to 5.3.24')" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5c019ee-a960-5430-8c33-43ce42eac7b2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9cf7c7d-4f2b-505d-9a23-f0f68618987c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fc25cdb-7cc0-5cf2-b891-cebd5523e21b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19d35b52-4328-58b6-b5c0-135d65fe06e3", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c99d88d-a590-5c37-b551-442077c7e944", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9ebd503-4ddb-546e-ac82-510f29dc7264", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dbd8a966-1461-50bb-8c3e-fdd3da8aa3da", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40a41ed9-e96d-5121-b3d1-4e5bdf2cd5f7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06980f14-1838-5f7f-8ba5-67cc034fbc9d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e6ab9b53-8376-5e52-83f6-c52306a8e428", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7d30b0a-16b0-5bee-94cd-b9be5bd72352", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0aedeb12-37cd-53bb-aadc-e27cd6d5c566", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d015d485-6ade-50df-913a-3ef89026c7b2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b85b245d-fd1c-58c3-af2f-0c1e3b47a325", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.24-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.24-tuxcare.3" } ] }