{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:54ac2cb0-5b38-5e3d-9cb8-50e7cfa14528", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:336019ad-bb82-569e-b787-7adae275f7ff", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eba5dfa8-1601-5b5a-899a-bb3f469a0d1f", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8ef502e-4b46-5ed9-b501-620c088a867d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dfd0105-62e3-5d1b-86b7-915f8e8ddbc4", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a273a71-9053-53d6-bcd1-0cb56109331b", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0adf8544-8029-57af-994d-d20ce731eb3d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71f00d29-02a5-5391-b759-a996a141b87e", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3c3d7d4-cae5-53dc-a198-b0ad10f4d32f", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0422faea-cf1a-5f97-b513-086a76460824", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1b3ffb7-d049-5069-b026-818123413117", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de724b8c-4377-56ef-9da4-bb0571af00f9", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9868ced9-6bcf-58da-8bc1-348f744e87de", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b91b355-01dd-59cf-b6d7-f8d109c06259", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c433114e-179b-543c-8e51-90d995f7a421", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a4d9415-ee6d-5fda-86db-53bd795f6f0f", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9dae4af-2542-57c0-a7ec-f1ed10b7cc40", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4b6dba9-4663-577a-8a71-feec434da83a", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:641c3da5-83ab-5026-a874-fd446f429e4a", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4065abf0-3f93-5e4c-8979-1917d2654174", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad83d201-ef95-58ad-abca-44c333f1e5a9", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb4c1a3f-f952-5788-b47e-c3884f73cc7d", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e866192d-ef0d-5e69-87c7-62f682434928", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67cbdcd2-d7e9-5057-94b2-d21995cb257e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d82a1f1-ddb2-5550-aae4-7544f2dba57d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53fdee3e-9bf9-54ca-96e9-b1c9037b7f50", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad01db0c-c64e-5310-a367-9dc8cdda2b6b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1d565fd-b5d2-5e74-bff1-2f8a1d9c70cf", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12b53258-58db-5412-9d55-2df3c43b8783", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da2c086e-fbc0-5fa5-805f-ae917d66ea3f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90314f73-01b9-5b09-bd6d-0b1fb98f034c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51b28ad7-aba6-5c08-ae11-92122fe69ed3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01ba1bb3-898f-5875-a1bc-ccfd02d54e33", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d085ff68-171a-570d-944b-8e0f80a607d5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6715ccdd-283c-57bc-8b59-da94595f3236", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1efab596-72bb-5172-8f66-d696f05d5da0", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca25713b-0d03-54cd-9257-8096c8cb68b0", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a14b0032-9def-588d-a2cc-7b00cfe340e3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03025107-edc9-537d-9a12-163caec42e80", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e368484-5a39-5cc6-9c83-3e3342a4b73f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45795d8d-cc97-5726-9c9d-f024beca5e60", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbb66cde-d65a-5d3e-8c37-40f637437c7f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a590e0cd-a17e-581d-9eb6-4efd0daccf32", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e80fcd88-41ae-5262-a277-61989e501ed3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.2.13.RELEASE-tuxcare.2" } ] }