{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:70e1ce0f-12af-54f9-b38e-132292b6c2ed", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.1.5.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7854c696-9190-5c09-9140-cf07e18301dd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92d95335-1264-5578-9a9e-fbee551e84b8", "id": "CVE-2020-5398", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5398 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60ea1d49-0998-551e-8df3-31ae5ea71ac1", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:142e85b8-c756-5461-aedd-86dc448ab20b", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4391695d-6a7d-56e3-be1c-99b5459cb7e5", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de80546e-13a8-5c06-ac41-cafb4d80c0a5", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b15a91a0-efd4-595f-8f02-534f585333c7", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf30d828-9438-5f9c-92d9-350a9836cf08", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1186085f-e675-5de6-a8fe-c76ae7af3f49", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db47470d-320b-5245-b73f-ef537bfc6cd7", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:498bb199-5630-5619-b84a-d98d19c39a4f", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84b6c32d-20fd-5b6b-962e-156c18525d11", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52d4bf69-a132-59d0-90a7-ef6269719a04", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cba11e6-3ae9-52f7-865d-2779c45680c4", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8050bb4c-818c-518e-9d85-c73d84545211", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93cd1e51-dd04-5660-a666-d0c35ef405f4", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09fd3b48-f2cf-591c-aa66-b38ab1d13ea1", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-beans 5.1.5.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e74ad9e0-814d-55a3-b5bb-b7d8eacad0f3", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea70820e-82f9-5586-8c5c-0cfb7fed0c4c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51ff506d-5f06-5a79-b83d-4590fc3ac1e7", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1d1b38a-54c9-5dab-9ad9-75fdc8512b5c", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:348ab237-97a8-5380-a9d9-e6c987458569", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecb0b9a9-d2e9-5aac-814a-036db5db6331", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4deabd4-58d9-5f54-bf7a-10e564f9c478", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fffeb50b-42e1-5de7-8128-24f5d96695ba", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c93f0265-389a-5035-9eb4-64e45b42432d", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:acd60ab6-518a-563f-abbb-3bea059ff59c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22e5834d-2281-5398-90cc-3df26d54b732", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32691de6-a42b-5382-b4ed-7b3a8e54516f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ce770b3-648f-55b2-9068-e877a829a684", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ebbcd29-8bdd-570d-8cfc-f3639ec6a95c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d270907c-5736-533d-b7da-0a65145cab60", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d42bc55c-d22a-53a0-9668-74dde224abaa", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39c3d998-aa23-542a-a3ca-7bfc867171d4", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52a2efaf-434e-56b8-af50-70c89fe4b8a2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6f1a7c7-8c3e-5359-b385-c91742f8a0f4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46a659cc-dbc3-5f2c-b830-57da839be1fe", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:401ab4c4-75fd-520e-b5a4-4bba5c4a9a81", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b2d329a-51f7-59f9-a281-097a63e7e19b", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8e1f74a-c4e4-51be-a105-c382fad78450", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00514ded-4f9b-5e66-930a-1fb3c6f261ea", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00ce94c1-b911-56f9-a9cc-78b6c1a5fd45", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ebff738-a405-558b-ae78-f8f6e1df92a3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c20d5c8b-0a71-5262-9ca7-6026cbca79ae", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2fb2d5b9-adb2-5278-a195-0c9cd0472fde", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c50539c-f9ce-5237-8833-387dd7d67f89", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.5.RELEASE-tuxcare.1" } ] }