{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:efb90d24-2f57-52f1-a836-213012b585d3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bf906855-9587-57b0-8b6d-cbaf7d7689da", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3b463f1-476c-5166-a8fd-df9a21895bd5", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e454c6c3-91fd-593d-9d6b-6402dc40e6ab", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a28de518-418e-51e6-b928-55309365933a", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5288eb5d-e63c-5537-9e50-8d6d97e3e552", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fc297eb-57ee-5a62-99b7-5f5d90db4214", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0252fdd-0cd8-589c-9dfa-316734b8bdce", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e21cd2b2-a2dc-5888-a4c9-46dc27b0c2ad", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1510cd6-0060-50f9-b349-f204ea7f8f62", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b40c440f-fa1a-5740-b69a-bcff5166b41a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b90869e-2538-5860-9273-675457166d39", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:574092f7-c5fe-5a3f-9fad-03e6933a637b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2dcc04b9-3fb7-59b2-8e81-d14a069b6eaf", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1959a686-5d7e-59fe-895c-7784422994b1", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1274671-b63f-5f7b-9ca4-0ed7ac71ca95", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3bd242b-b396-529a-b44b-d78eabdac754", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a2ec6b1-664e-55cb-bd3b-cf08c747bafe", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84d07e14-7f56-59d8-94b4-b800aa227686", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50144006-b7b0-57bb-bb5f-419da9b65c93", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9794c5b5-f3ee-5f4e-80b0-bc3488571d01", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3b80ca2-3cda-518a-ac15-c5afe390452b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:222dd91b-a1e0-5a61-93a7-97d9cacd96f2", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59d7a6c6-fb8c-5254-b241-a1e936c87d3d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d73ca92c-0797-577e-9478-c0daa02f1028", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:597bc2ef-9ee6-5aa2-890e-13ede408d098", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31008273-2ae3-54d0-bf7e-83d6cbdbb478", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bdb974f-7fb6-55df-9990-bbd3a89f1a6f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff240a77-8d58-5660-800d-d7478f853fc3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a775354f-24a7-56c7-869c-8565b3e0c137", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b47511a5-04ac-5abc-8305-ff2fffc547fa", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8256a5f9-ebf4-5e9d-9c38-ce108e5e8b5a", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93c9c40a-71fc-577f-a237-acb3e1fef635", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c5e005d-8533-5a69-8d44-293b6bad4708", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19d08f15-6c59-51d3-80a6-fe1df635d7d0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18a4a0e2-a1d0-585a-9890-217678bd5cd1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a78c9f9e-aca2-5459-83a2-3c4fde3a6c18", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f273d82-afa8-56e0-8916-b027b081db11", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce964069-df40-5008-a8be-956e6d8bb854", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25f18cb2-5591-585c-83d6-881799bbff58", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22e5b888-b0cc-5b78-b04b-b42aa2d111a3", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fdeaa4a7-5f1c-533e-99d1-9325220b7a21", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51f09e9c-04e9-5597-872f-f1bd0558c94d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2c64836-0f76-5dfa-ba8a-af04920fe659", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8cc4ad3-c4eb-5daf-9a5f-eef52e02991f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c5be764-346e-558c-9f94-7a968fa1c231", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.2" } ] }