{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d9d2e98a-01ae-543f-b7b1-29a4bbec3ed7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:be745c4b-e626-5a95-a2d8-c6daa1ef1ab5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15a3a185-2126-59a9-b7f4-c30cdd117be7", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df057ef9-cbfe-5d6c-950a-42e8cbd52a7b", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fed5283c-7291-518d-8939-1333f0cb55f1", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3197014f-49a0-5757-bab3-e7e0047cb14b", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6de2630-b034-5fc4-a0fa-172d37e4a051", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:802899ff-d5f1-5a47-a30f-b331b19b9f4c", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19be591c-0c61-5a13-ba09-7b91a60ac203", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0172cdbd-0ebb-5d8b-bf1f-342b251cf3ed", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f3eb816-e88b-5ce5-a6d0-752d5638f7fa", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2629964-c576-5ede-a10c-bbe9da5cfddc", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5f3158d-e79d-505b-ae34-6d502206e25b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12311d61-bbd7-5ade-acc8-cabca51ae2cc", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dcd7bab4-f6e6-570b-a34e-1cf7f0d13a2f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0598c457-e232-5fe6-beae-f52d3500ecaa", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67859981-68b2-563f-a61d-a4064ae039d8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:951765ee-0938-55f0-a89d-0013bb8499bc", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f163149-cfec-5681-a887-53552305e7d2", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:213c039e-f6c0-5f50-a417-241e082ac2b5", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d9f9627-e559-5e12-b273-cc6ca2c522af", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1a6a8da-5db8-5353-913b-bcb8d54d02fc", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77f828e6-a287-5fff-a90a-badb92ddf380", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d5ef78d-5c3b-5ca8-b1e6-3c15e96b62dc", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:348f22df-834a-5b08-962a-0418e86d38aa", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3de1f04-ae4f-5a1f-8a51-21b1cecfbf79", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d86cc1c-cb12-5f36-b3f8-c0108034b7e6", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86908b27-e1c0-5636-ad7c-75078ac6875d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8df6c7a0-f284-5f19-ae8b-d483757f87ad", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37eef774-a276-5650-b9c8-67f0f73b8819", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b3d633d-53a8-5fe1-bf02-91c3d6ee23e7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea2397ed-1af0-53c2-9d0f-5951ffdbbf6e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41eaee15-5cd2-5e23-bccd-40eba9b10a78", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8c7ffae-38ec-5ae4-888d-79969e6f3210", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd62843c-9acc-5204-b631-16880ad6e6e6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ec83538-5562-50c2-a386-0f00257c4cc3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5462fed-5776-5c87-901e-15a5d1e621a9", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87cca5f0-09f7-5b27-8bab-0065cb93027c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd8d24a6-7b3f-5a4a-b31a-dcefe92cd5c4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5f09601-8179-5181-8927-084c475f6d29", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9a9c0ff-116a-59d8-9943-45edc57c8631", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01c57242-d0dc-5cb3-b120-0bcf59a5d509", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bae3a20b-9e30-58c1-b858-9352800be4d8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20a60bf1-88f9-5a53-b47f-2f5adf8e54dd", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.1" } ] }