{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b8f2bf01-7cf3-501c-b5f1-f2723bb65f62", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.2.13.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:03876363-2860-55cf-b3fc-e408fea21b2a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:acafc5c9-a2ba-5e43-a090-cec4830392ce", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb8586c7-2903-5d17-9fbe-117cdbf3d7eb", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c64a08e-ec45-51bc-a5fc-09d9904df4c9", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fbf438a-454b-5df4-8f46-20e61f19818a", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6da1b1a3-9cf5-5c10-bb18-aac5fdfe5957", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bd4f199-0430-5fbf-bb48-969944e42217", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d26d39b5-dcbe-5b23-a372-ee44188ccc7b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c6d4a59-7afc-50ea-93fa-19b132c9fb49", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f55929b9-263b-579a-9cf0-eee206e7704f", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6968f9db-9ec5-56a1-953e-f0e279019cc8", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f4c7bd6-92cb-5a63-a26a-096b049555fa", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb67b318-2da1-5945-93ff-47c2f11ea82d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2fcb65a6-367e-5e38-87d2-0c76a27b7a11", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:297ed2f9-c90e-5a8d-9ecf-ebcd960d9bb0", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d886580b-01b0-5792-8b99-7d5fa49a650a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e1fbec1-6c0c-542e-97ee-e116824eb931", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79901ad2-3c4f-56a0-aac4-05779f59bd91", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4acbbcce-f5ee-5de5-bcd2-1ec581d5043d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8dfc84e4-ee93-5b90-8440-4ead96dabeab", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8aa8949e-3c37-5ba0-8295-4b8528bd9a41", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42ba5030-a5f9-513d-8b30-8519c0fc9e49", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0fb960f-a541-5b24-9c14-0e57448e9815", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f01613ef-4aa4-546a-a1f9-86034ae3aa3e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d5d7510-a2a6-5b67-b34a-ed684d6a58b6", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae8358f6-a022-59d6-9f6b-e87ed0e70f12", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d07d755a-42ae-58b9-8c87-c8c93702d445", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8b67689-c735-5782-a77f-8bb3f9ac5d4a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ebb7db9-4314-5883-8609-ccecd5d5e800", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:190ca0a8-7ea8-550b-b69b-5e58b35220e2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b4858f2-cde5-5f1b-ae8a-24cf497fc9c5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54db754c-ed7c-5bae-91b4-a014b9605415", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8bff28d-d9a6-5679-b324-ec2f5fd11b8a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d952cb7d-9595-52d1-888b-c68a56dedd39", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d85ed627-f643-52a0-8b48-97509f5c44da", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3206955a-b207-56cd-949c-a6ab39d6eefe", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4dab3736-389b-54b1-b9eb-b19b460c921b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5894e881-807c-5148-84a6-9f1fe781669b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d0cac4d-d3ee-5741-86b1-735e6ddab666", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:416f08c0-d0d8-5ae0-b41f-645890a9753b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d71c2117-3c32-52b9-b2ad-2b1c75910f33", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8db14e33-05ef-52be-b454-ba1d7dd2cdd2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3feb0d93-9aa2-53ad-8e15-5860ba1537fd", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.2.13.RELEASE-tuxcare.3" } ] }