{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e1f69802-5af5-55f8-a082-4ae466bac7e2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.24-tuxcare.3", "purl": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f3f3c757-09da-5f1f-8130-b54f5fd63b48", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f13a9a0-27b4-5590-8ab1-37388c3a5d03", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1cd3ee4d-b233-5fd2-8ce9-57ac6a45c242", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:916964d0-ba7b-5d90-a2f6-99d1f72e452e", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9f61f05f-66df-5b70-b64d-ff1ba9e816e2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3088bedf-1b0b-5efa-9983-bb77fa05276c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5369a45a-abf2-505e-ac41-6c9068bde296", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85ec78ea-d078-56ad-983d-7bcab7bdcd96", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:272a4dbd-f84d-5572-b7ef-998eadcd813f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57dd67fd-4eda-5f38-bd71-9ca5ff841b5d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ddea4c2a-36a1-561b-b6e5-31b0fca1eb97", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf134d72-7d83-56cc-baa1-8dcd65f0b1e7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:054e222b-1d9e-53ba-89f2-a0bbd93654c0", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d1d6e1a7-688a-5ee8-965d-d25583515040", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da175b8b-488c-5161-965b-3020a6012287", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:caabda98-5ee9-5482-a426-9baa26b29ea6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d48326a0-0506-510f-ac6b-494b7c290f31", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffebc009-f7b0-5400-94d5-3fd9eacc6203", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f754d431-5887-5dba-9bd6-ad1dc73fb7bc", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68081f29-34b7-561d-884c-c72b1616a77c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0003141c-af6d-529e-9ad8-d4cefd236877", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:136b185e-9c35-50a5-954d-62f7211b54e9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54c6b372-3e7a-5370-95bf-73de97663a70", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8d958ef-0355-5230-9906-95b18d4e2ae9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ac2bbea-d118-5662-a304-01d160d9e8ce", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.24-tuxcare.3 of org.springframework:spring. Patches already applied: 7052da453285658215efc1dd5ecb0d472fde2de1 (already in target via 2c11852775 'Backport CVE-2026-22740 to 5.3.24')" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca96b760-878a-502a-8115-16542564774f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f90db3a5-7f67-5d14-9361-298bc2dd7b41", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44b54f6c-3a17-5079-aee2-5e34f4c9c8cf", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f4d03b2-d166-597c-abc9-cefa23e170c2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fcc2ce59-fe33-506e-9105-b93b1adc2d52", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3323844f-7c53-5e44-9682-50bf5ac89af0", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:281e17d4-444f-5834-b630-435bb9df3e11", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5048bd2b-2252-580d-b539-0144c5ef0926", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89f192a4-6cef-5592-90de-62ad6740ed4f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf53748c-96a1-5220-8bca-e2f820602e6b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc13c149-f951-52f7-8485-42a3bd95c99d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:25514c96-dfc5-5a21-abee-026e734e3325", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0540e3b5-57fc-5cec-90bd-50bd69e23670", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db70eb39-5691-51f1-840f-c2ac13d3dd51", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.24-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.24-tuxcare.3" } ] }