{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ac3c3dc2-4a8a-5d7a-b6da-c73a96ba0fef", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8191127b-9d03-58ff-a43a-8c93bf82dd30", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe8df15a-b54e-5ede-b46d-2402ebcb4e98", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c350e684-0412-574c-a2e8-295ee1607c76", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e927712-8689-5e84-b551-214dd681b298", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e9cbfd3-7678-55ba-8dd2-164ddce6abaf", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ed70642-b253-5beb-9262-8ff88bf7e1dc", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f3afc1c4-25e4-58aa-a5c7-44e46df55b6b", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:517db7f1-ad0f-5747-9769-aec516723c56", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b89356d5-265e-55ac-8a3d-fc989d324701", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12108954-7ecf-5b97-92ef-81c2e5417bf4", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5a50cce-53d8-58a2-be21-18842898d179", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f983e0a4-b501-5001-920a-3b94ea184cf2", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4bac55c-add4-5082-8400-c3cc4d0c9402", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc8bb6ba-5dd1-592c-aad9-4ec9b6472d8b", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55706b0f-d797-5f74-bfc7-e9949938eeba", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e83f968-00ff-54f2-8455-95cd01e9e86b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:398c1fcc-9b2a-5b58-8f58-761a1a2a4cc5", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eeda00a1-bb9f-51c5-90be-2fdc04afdff9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63a5959c-3cc8-50d5-ac27-cf477799eb17", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a659670c-cabe-5f3c-b9b1-95077290ff80", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:517467a8-01dd-577f-93df-97866aed5429", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:115daf9b-2a3f-5c3f-9088-7da6f4311b47", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b015dde-8328-5736-80d6-82f071963e30", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:891995ca-1708-5555-985a-1010f28113c1", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfe5370e-1c82-5ae9-91ae-babf868df4bc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b828221a-64b1-5096-a142-d39e35df7f36", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de75680a-8ddf-52aa-94ff-06fdfc7a2c8a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:addb730e-664f-5676-ab6b-94a8dc6d794a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77d1e872-f33d-5a55-bb89-8e8618353c53", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48ecdcc3-82b0-5353-a7dd-f1bcacc2fec0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3788260-e91c-59db-8665-6ab0d2ee4637", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79fc9cd7-24d1-5697-ac16-1fd0a9804275", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fab63e29-0e37-5c50-82da-13745b53d8aa", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:69179a3a-881c-5411-b905-87e9337c2561", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f058e838-8767-5dbe-929b-10841a9ede27", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3145f4f6-8dbb-528d-bf47-b0ba46a50370", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5be6899-bfad-5969-86fb-160aa2854638", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54ce27ec-0c7f-52a1-8377-2e54a122cf37", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6f99422-b942-530f-981f-bf32dbd73edb", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b21aa6e6-6df6-588e-b560-3973e6541197", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f41dfcf6-1292-5dc7-b495-8259bd7779f7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97a8da11-e7eb-5692-8cb9-6817fe1555ea", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:675c5075-b505-505a-b499-e1c6495dc41a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f0a3fc4-51dc-54c5-bf92-19b147a5c5cd", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cfc2bfc-6588-5f9b-9ce4-bc8faaddc75c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.2.0.RELEASE-tuxcare.3" } ] }