{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9682c9c1-59cf-5461-9bc9-625a7e5ef0b0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "6.0.23-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d46b38d8-4380-5d3a-ac54-f328334e6ed2", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78a2a8d3-5a9d-504f-a886-7688e53232b2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:347f038c-b6e8-57be-bc5a-9af131ceefab", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4debf7e-e3fa-569e-b553-b9dfb5a04de1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b317603-eab0-5aff-ba31-a9889c85f6e6", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:415985f4-fb1a-5640-b049-83ee658700f3", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4df43533-e1a9-5fbe-99ad-918fdcbe61a8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a55c68aa-ecf9-5429-95c3-5fc463f8c7a2", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8ab7902-72f1-503f-af59-504f10b6205f", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:febebcd4-1d81-5230-aa90-131d2fee5ec4", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9153fdc4-5a1e-5c33-9056-657b06b78ac9", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4f8ec23-56ce-58cf-8a8a-4a834fb0ee14", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47a17970-3d0d-5d66-b50a-8b93d9fa1cc3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.0.23-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@6.0.23-tuxcare.3" } ] }