{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:12396f0c-43a7-53c5-a575-427644a0a0cf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-oauth2-resource-server", "version": "6.1.6-tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:05d30766-7544-57a6-9102-d64721319135", "id": "CVE-2024-22234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22234 is fixed in version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c90d626-7eb5-565a-8ce8-1fb20db19696", "id": "CVE-2024-22257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22257 is fixed in version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4fa59731-f154-5521-b3c9-ad368f49c517", "id": "CVE-2024-38821", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38821 is fixed in version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11cc4f51-8878-5b47-bea8-9ad2eace3b86", "id": "CVE-2024-38827", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38827 is fixed in version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37e416b7-d991-5c6c-aeea-245e056c77b8", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af8cb65b-9a55-5b01-b31f-1292681dc070", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c91ac840-ab10-5f98-8fc5-a9aacc9b25d2", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0eb6960f-2ff0-5516-a0fa-7f461075814b", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a894a1e0-dabe-51c2-8dc1-6adc638fd7b4", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9376078b-c186-53e5-ba26-97b0a6cc625f", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b7cb9a6-a06c-5ab3-aafc-0b7e50595248", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 6.1.6-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.1.6-tuxcare.3" } ] }