{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:993e5771-273b-5350-900e-972db359157c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:58071044-b774-5eae-94b9-65ebd9eb8436", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b15b65f1-eff1-5e91-846c-95b10baf6aac", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e47d1e2-3122-57a8-85f6-ebc41132f41f", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:325ba179-703c-5d77-a090-7fdf2fe417a2", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62a1c78e-7981-5035-9cc3-765de4ded193", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b380f6fb-e5eb-592a-af58-224d7615f686", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bd2fd5b-8983-5cbd-b92b-18d0866e3b28", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7edc8bce-673e-5c62-9c14-2f70782aa86f", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bd05f03-4849-5141-8b43-f40b1e055ef8", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c9a6081-6e29-5ac4-a429-b33f02c1e729", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc0244bc-2dab-54d0-8379-934374c721b4", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18818a4a-d1ed-526c-bad9-43f61428e1d2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9441d65d-dd89-5fa5-b3ac-c892dc161ab5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe0d7732-e31d-5687-850c-b175f190a731", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c024c18-bd6a-5157-a885-7c5706dc84db", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2307c60d-3115-5639-85fc-8ac57b0ffee8", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-webmvc 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82f781ea-d334-5db1-91e9-b35d4ea71f63", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:414ca6e9-b9dc-5010-afe5-f9587f0ba7b9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7dc51c75-1103-57cb-a69a-fa58e850da38", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07d123d7-9d70-5847-b6fd-48e76a2ac5f1", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fcd2ed3-603b-5be5-89a6-e4585e4cbd2f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cb0518a-31c6-55e6-b552-d0a855161f7e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:912ee33b-4b8e-5ca9-aaac-44db81db8e22", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:369b6150-a77f-5121-b45d-e66bc11d3fcb", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b48797d6-ad9e-5fb6-8da0-87ad7b891149", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.1" } ] }