{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3ec227a4-6d56-5624-82f7-eff5e82e8ec1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7", "type": "library", "group": "org.springframework.security", "name": "spring-security-test", "version": "5.8.16-tuxcare.7", "purl": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:38473bd1-abb5-5dd1-8a3b-115225f539d8", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7c8cb7b2-0896-5a1f-85ea-ee181c317981", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:294881c3-918a-58ee-999f-aeb8bde4d46f", "id": "CVE-2020-5408", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-5408 does not affect version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test. Version 5.8.16 is not vulnerable to CVE-2020-5408. No backport is needed. The fix was included in Spring Security 5.3.2, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:87a51deb-34af-525a-accc-129b605400a5", "id": "CVE-2023-34035", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-34035 is a false positive for org.springframework.security:spring-security-test 5.8.16-tuxcare.7." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:aa545c49-6864-52c6-8a08-b6b5ea62019e", "id": "CVE-2023-34042", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2023-34042 does not affect version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test. Version 5.8.16 is not vulnerable to CVE-2023-34042. No backport is needed. The fix was included in Spring Security 5.8.7, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c90d6227-3dff-5e20-900f-0b0e5b186426", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6d55f3ec-5c26-5bad-b0ce-fb004511e8b9", "id": "CVE-2025-22234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22234 is fixed in version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:516cfa8a-f504-53e1-8148-65976128ea4a", "id": "CVE-2025-41248", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41248 is a false positive for org.springframework.security:spring-security-test 5.8.16-tuxcare.7." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0e598b1a-5ff2-5e1a-aa96-680de608af5a", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6fa23933-4d5d-5f80-9eb5-02b924e843ea", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dfe73019-9f5e-5d46-b2b0-7430f1e726c5", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:605e60b4-425a-58fb-9031-2c2efa15d5d3", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f73426d9-a07c-5604-be6c-0e415ddccc16", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:139ea07c-b467-522a-8c63-1d0f11e97115", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.8.16-tuxcare.7 of org.springframework.security:spring-security-test." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-test@5.8.16-tuxcare.7" } ] }