{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0b696e26-d07e-526a-99f2-5ad16ade6a50", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-web", "version": "5.8.16.tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:60e1d40d-6140-5479-a454-131b50077449", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c8444d7-6b00-50bd-adb9-5b69aba45cb7", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14fdb82a-a303-552d-8354-298f9ef4e53b", "id": "CVE-2020-5408", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-5408 does not affect version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web. Version 5.8.16 is not vulnerable to CVE-2020-5408. No backport is needed. The fix was included in Spring Security 5.3.2, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:69a11a51-1871-539a-b68f-8f53cf46ba53", "id": "CVE-2023-34035", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-34035 is a false positive for org.springframework.security:spring-security-web 5.8.16.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9606672d-ecd9-559c-9f4e-b44d999b98ed", "id": "CVE-2023-34042", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2023-34042 does not affect version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web. Version 5.8.16 is not vulnerable to CVE-2023-34042. No backport is needed. The fix was included in Spring Security 5.8.7, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77e90e32-14b9-590f-b89c-719329a647c5", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:caa371d1-c5ff-5f3c-b27c-07c526344e0f", "id": "CVE-2025-22234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22234 is fixed in version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f9bb942-7f3e-5b00-b71d-fc7f83971ed1", "id": "CVE-2025-41248", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41248 is a false positive for org.springframework.security:spring-security-web 5.8.16.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc0cb7e6-77d8-5860-9e6e-7d2ee7736bf5", "id": "CVE-2026-22732", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22732 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9ce2949-c585-5a77-9f8e-eb01e5ad958c", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61c659b9-2f69-58b6-828a-3731c7235b1a", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9678e99f-bd5d-5c4e-b145-cda59eebb1ed", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7049cab-bcf5-5aa6-bf11-24ad46eea8b5", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12ebf078-d86e-59a4-9ddd-d97b92d4d949", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-web@5.8.16.tuxcare.3" } ] }