{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c3c4a0ef-967e-509d-9bfe-8e8652f9d648", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:67ec861b-742a-561f-91e1-6ff31eb637c9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42e053ff-3d0d-5791-9b38-93f8d8b17300", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cec7fce7-6052-59eb-84e7-86f4136b99f9", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:309bbf71-830a-540c-b0c6-0438f02a13a3", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82990079-9882-5f7b-80ae-e4dd898c7124", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5aa9077-4f1b-5b73-8b90-4f811abf90bf", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba82e27c-fc9a-5e97-afad-a1618fa352be", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70364498-a155-555a-82c7-480d78b43956", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c4c56f9-c3be-5102-8eb1-f0e50fb65ae4", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8906eae2-6318-5a88-b13b-b46f22fae8fb", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7434f470-9bf8-5c45-ae2f-98b2b06c25c8", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8543a395-2018-5bee-8f69-29a97a097484", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f5da9ee-e28e-5517-98a9-9bf9f0aa2d9d", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62167962-876b-5c41-8ec2-a30b1a62193b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4726bd1d-907d-52ab-8a45-784b26ed981a", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d130b12b-0bf2-5f87-922d-b77f193cb14d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05faf9ac-754b-5a34-860a-a271c1b98537", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e11616b0-a359-5744-b6f7-f18aa09afc0a", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0a4b00f-6671-532f-a165-ea906fad99a8", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b69ec1c-dc8c-5479-847b-8eba81e091a6", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53623700-faa6-5cf0-ab2b-506a6a03391d", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d35da53-4376-5257-8255-b65c61314cb0", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87e09a6f-d8b6-5845-907b-b40de5cd6747", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1344850e-8c75-50bc-8e28-88d8f9cb6cd8", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4d06a10-ec1e-5628-a78f-7ad86ea1fca1", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e74742d-0335-56e5-b9d4-f023de993125", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a11f465f-634d-5df0-a01f-ecd90b4f85b9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ce2f11a-6a41-521d-a338-181a24a5f9a0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c65ae07e-6c46-5a97-87dd-34224610f38d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9911ee49-6ad9-5ec2-9809-515aa8cc7c60", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89316d4e-39cb-5817-9b53-95c7251e22d3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c362740-703b-533a-aef8-b96c2e4611b4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb9c7831-b6d7-542c-87e9-0b20dac0c5a6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99682dd4-8e25-57e4-abc3-049b5f3c58e6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5032e75d-2e00-5721-b385-89b94103d522", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b29fdc42-b455-5bf4-acc0-bb4fd93d67e4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de69b5e6-5573-5209-9e8f-719cb6281774", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea083406-b493-5fea-a0e9-58889d518e3d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b288208c-6b50-552c-8541-7d2654e27d35", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14269412-8db1-5ac7-8195-ca6c43683c76", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e45a080-aa9e-576b-bb40-538b1de770c6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08251afa-3a6a-5b7c-8e08-9fb486a1e84a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f386cd44-e441-5922-aded-fc4e74523a3b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.2.13.RELEASE-tuxcare.1" } ] }