{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f3aa3666-794c-5dd2-ba1f-6271d92cb5e4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.24-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f73b702b-b2ce-57d5-8d97-e1148b6976df", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a08c2d7-7a57-5d6d-8699-aa44f4c9b9dd", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1de58978-1aaa-54eb-b9b6-ec5e0e016a56", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34ca35f7-73ff-5ad4-96bf-433f7265013b", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4dfee7b-ba1a-5769-b1ca-37f54e7c3372", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a63b9f86-7d2e-5e90-852f-6cb4f2fb15cd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59206a8e-b597-5288-af54-cf7b94fead89", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5237b44-26e4-5daa-83d9-f73493d1bb9f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1efcfbba-1d64-56ed-a1a0-baa2ef53f023", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64de5f4c-2ec3-5dcf-b8f9-c236a830ce7a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a6b7a91-dbb9-575c-98a9-f80242931892", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:faf5638c-86f0-509b-b8c7-e752072b9e56", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bae9b7d0-0f84-5a5d-8006-3dd669fc9ca3", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b0ea14f-2004-590a-a8fa-b8e2a4b91af1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ded93302-7d18-5719-9d02-4d20d011c73d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d31fdfe-18f6-5bae-93c2-0b6b6acb9ad1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3bd7586-0e8c-5f35-b555-17046a91e974", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b186532d-8732-55a2-b2d5-6d1f2c309432", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:545af2f7-f74e-5b65-9fe0-303e0c3c3934", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b35db4d6-4ee3-56a8-be2a-240bf6d02895", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c2fadbc-f48d-55f1-b7a1-56441caa5758", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:950dd920-ce6a-5d09-ae28-b3fb8fe9bdc4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c4af9ad0-47c5-5f59-aa65-0ef1f7d98009", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3686d4e1-c2c7-56ce-8e02-cdfe0eb6fe53", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:622c5795-a3b4-5831-9567-2f32835be8c0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc. Patches already applied: 7052da453285658215efc1dd5ecb0d472fde2de1 (already in target via 2c11852775 'Backport CVE-2026-22740 to 5.3.24')" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fda3ef41-f53c-5266-a867-d9e12be981ea", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be0e605a-c6e3-54a2-8330-f6788ee5cbe6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d8da17c-b200-5f74-afad-28ab78b76488", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:522e10b9-56a9-5b6f-a9ae-28fc1b954dc2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b550af1-3147-5c53-a921-9c41be88411e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a09a16e5-f809-58ec-bb72-584357d5b39e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c3b3370-9e62-509c-b776-9e22b9dd4a2e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5242fd5-8712-5c7b-bba3-e93f853ae5f0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c74c0965-ff59-5e80-8564-972ab1d0e94c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d680419-cab2-518e-9a0a-b68c85a4db0c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:573ac91d-dde8-567b-a9c7-fe1b8b5bfad6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c90774b4-a382-5771-a37e-98c0faad2fee", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf920a9a-25f8-59a0-b1eb-cbd90ee2bc58", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef637686-ef00-5ed3-9a6b-f1b1390c04a2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.24-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.24-tuxcare.3" } ] }