{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9bbb73eb-0b1e-5610-bad1-6eb56d13db55", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "4.0.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b3dd7f07-936a-559d-adae-9f89e0093efb", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93acaf45-3801-50a5-9628-d2f5aa8c89af", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aef50a83-6364-5fff-93ce-45745ad5b804", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b6202b8-2cfd-578a-8df1-bce3ef093134", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64616710-36c2-5a25-a322-acee4aef06fe", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e39440e2-beee-5903-9b24-c24c4f40ab25", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3dd6c085-566e-51f5-ab5f-f50a8fab0de7", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd2ac40b-2a2d-515b-8a22-a44374db86ed", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:736ef7ae-be2e-5286-aaf3-330e75f0d262", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02471304-3ecd-5291-94e8-2bf12d6d8f69", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6366b14b-32e5-5040-bc58-ad4423e38495", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10bbe3e4-f91d-5ef2-9250-f11ba79531df", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5c853ca-07c5-5dbb-91e1-9a7009182855", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-webmvc 4.0.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:703f01cd-5d90-5521-9545-9dbcbf0f18f7", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:caa752a3-01f7-5844-965b-4e3d3d469361", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e2105b3-23f5-5aa0-b00e-70e7e028cff0", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2572d058-2d7c-5b98-99f4-3e3e53be2267", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72d354e3-c9d7-5019-9799-5397550d4a25", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a27dd75-3347-5da9-96f5-e23509a550fa", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a855f41-e39a-5dd4-80ad-5657708d91d2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf27367c-53a0-5e02-b744-1079b3a1e983", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b23f133e-a780-5ff0-bc52-ee82f83b24e1", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a490f2f-f89f-52e9-a25b-dfd2e0fd5ce6", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e4da445-556c-5361-8091-bd930a0396df", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be34dc09-5692-58af-9810-71ceb4592e28", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18126c9a-1a0d-51d2-8f7c-3ad562c57002", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6473b955-e6e6-5c1e-8168-0f20ec8adc56", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb6debba-46fe-54db-a74c-1e0a0f4bc191", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b703f725-7fff-591d-8c46-787154cdc4ed", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2dedb74-7dd3-5432-9ba5-a41e10c0afd4", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:349cba31-46d4-5a86-8de3-77a1789b2468", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30375b97-36a1-58a2-8a55-271ad4a332e5", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a79c38f-6c3c-5fd5-8dbf-bba6ae599893", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e32cbf5-2616-5db2-a792-723c95f65644", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cca7543-fa9d-56cd-9075-fd298a0cfd0d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf2249f3-8751-5c12-b599-bccd8fbad387", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6bb0529-5460-50af-886f-749bfe76b6ff", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b63c52a9-d54a-5306-87f4-2d15d78cdfe6", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0cdf4a77-8208-5805-9c57-0e1ad82979ee", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7ec4714-f617-5eb1-b9aa-d567bf048b62", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f5cf0c0-4b45-5c7b-bc9c-86c6a2076748", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE-tuxcare.3" } ] }