{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:217fb2c9-aeac-588c-bf97-ed012d539fcc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5790cddb-29f4-59be-978f-e7e0105a85b8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a63f1af-646b-5a58-9a64-a51889fc0ebb", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b8adc53-ac86-5103-acad-de2c81891686", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da5865ce-9025-5dc9-b64b-8fdcce024fce", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:519cb1f0-3d34-5f87-84a7-c08ea22e8e81", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c839949-c687-5351-bc3f-d8ee22955197", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1038b2d9-0f2f-55c9-879c-32103ac19f2a", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf41d807-ec4b-59de-a7da-410bb1319ec3", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98f7f925-3542-58e3-85e0-286dc7144ba3", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f823ab09-ae73-5169-9816-994a54e5c5d1", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2acf34a2-948e-5cf1-a67b-7f88c757840c", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c81428a9-1c7e-571c-bebc-74c7987ba672", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8dffeb91-cb69-5367-b8ae-b9c44568f783", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cb90cfe-1851-582f-a944-97bf798c4e29", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4aadb15-4dbe-56fb-ac3e-ede217fc9d92", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:afd5d11d-4279-552b-a7a7-e2a029ecf411", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48f70467-8aa2-5b56-92aa-7ad3dd7c8c9f", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-aop 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac5f6998-814b-5cfd-a555-1044883315a4", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17906584-c7a3-57c1-a4c6-b3abaf0da7e1", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9ff1f70-f48d-5f9a-8680-2a43b1ce622f", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ab918bc-f35a-5866-975d-bb2b0939582f", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c4b23b5-ff47-5408-9ca2-ae0e55965957", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77132449-bad0-5981-850e-5f1fdc8bc60d", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb6f1803-6f53-5d9b-ab1a-80bea18c05d7", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9fa00129-4782-5bc7-ad5a-9923dbe8be03", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffa5a977-4825-569f-9e20-a72585b5d1b7", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5f32219-ea31-5d7d-9052-055c88c09b4c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d75dd807-008c-52cf-a296-eecfb4331d13", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:344c2001-31f5-559e-89ca-30057b5c2028", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:abc5b047-ea93-583a-92e2-7306659b8790", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a73fa114-15f0-5b77-881c-34fdcdc2c836", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1443d4bb-e7c1-5a73-8572-f36aaa66c7fc", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53834eb2-f867-51d3-849b-2a1a458caeec", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6d62cf5-ebfa-58d5-a851-1de50be773c7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a22b0e5-59b3-51ae-b426-891bc5199a19", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6e12a3f-883b-5650-8b90-840ec6de20f2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f55cb14-dc79-5cbd-933c-ac9cd19c589d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1454c77d-ad55-5640-9f6c-7691a36e5f7f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b01eee2f-1e7d-5ba8-be57-023f9d90f453", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:265cadbb-d05b-5ea2-87b9-9ca81fd459af", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a7e62fe-1197-56fa-8f26-4e162ab546e9", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3047bbe-1c05-58ee-98c0-a6394320e39f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91032436-4aa6-59d3-a43b-64a85c7a9c06", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83e9e781-58f2-5a11-9c1b-4f00c90a9174", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6be9fa07-d414-51c9-8c51-d23cc3390ee3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5ba185b-7dbc-5ce1-9d1e-1b1171162ca2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.5.RELEASE-tuxcare.2" } ] }