{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5d8b938b-1dcc-5278-b518-2c5151d1e3b5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.39-tuxcare.10", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:85d29437-5aaf-53e2-8c42-72058dc6d407", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f2095dbd-0c99-5684-9545-5309326b3ace", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:85700e1c-c0bd-562f-9443-ea2bba0a993f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3afdca42-d973-5e3e-8184-1d04e829bafa", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6c338034-88eb-5066-a27e-05d79630244b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b2e5ed86-1609-58a0-aa95-2ef7e047d8ad", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5b01735b-b6f3-5437-9f6a-8ffa76055d77", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:059cb9d0-5f51-5a63-a8e6-456c3d56cf78", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.39-tuxcare.10." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:73e11b7b-2731-578c-8e9f-931844ff14f6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:68709a9c-73f6-5e0c-9202-1fd5f285f2b9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:dba8529a-07c6-5cb6-8b0f-274eac2614ad", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c7823a56-8b62-5311-8316-5b5787d5339f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c8a36c5c-e1cc-5c5e-8ec7-0921f95596b4", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b2396878-bc0f-50a5-9aa7-68dab3a1d29f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d5483768-8b5b-5b17-a841-04337fb46ea1", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:09a8384e-3cf4-5cca-a524-918073012e7d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.10 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.39-tuxcare.10" } ] }