{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3dae84ea-cdc8-5d3b-9365-4075aea537bb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.39.tuxcare.4", "purl": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b42a9dfa-ba6f-5c6d-aaab-16e342438466", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc3e3b9d-fa0c-5c8c-b241-070e88082c0b", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.4 of org.springframework:spring-aop. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fdd08500-cc04-5b14-9aec-689802f88db1", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a24fde38-b0a0-5f8f-aa20-6b74b32b3f50", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:282c522b-8674-5afe-8d94-4d29518dc686", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb47efd5-dfe5-555f-8934-5c8183e6b2af", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:371440b7-32c8-5242-abdf-c0d9e8183c71", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb3e18c5-c75b-5e3e-9107-de9115bc8cd7", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.39.tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49a0be0c-43df-573e-9ffa-b4f106514b2c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae1c6409-2e47-53ac-9fdc-245421ffb746", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e9109a5-6c14-564c-8e27-4700a3eded42", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bf0c0ba-4a89-5117-b666-6238486eca8e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91818acf-0366-5812-aa88-30d4af50f444", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1178cead-53e9-5bf3-8b74-c92d196790c7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfa25489-54f2-5cd2-979a-a5ba62fac539", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c078f175-e1ea-5229-ae9d-3b9599c2c837", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.4" } ] }