{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a44e1fa5-a26f-500f-b57e-fb8e46c7dd5b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:539d669b-22e6-584c-bf98-4bcf53ff4e55", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc9314d5-7080-5798-a214-d325f9f787a9", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9f083fa-a8bc-5ff2-9c75-fca29d46b5ee", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f47de0c-87ad-50f7-acac-fc51e785c2fb", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0838e74d-dc92-5a95-8a19-5d44ffa08848", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d15a2fe0-571e-572f-ac36-12df9a499ddc", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48ea9004-2436-524b-ae3e-16de943c1b78", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f751107c-bb68-56b3-be58-d69b38ca84b3", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ab8668c-975b-5e64-b13a-b5bd3445eba0", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4f9b64c-ccb3-5bc7-8776-1334c3d72eff", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27a85dc0-66ae-5b21-a7ea-be5b04dafe1d", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f71dd44-19de-5ba7-b7bd-2ae4d519525e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31d3ba8b-cd62-579e-b948-aec569d1e13a", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c62baf67-5fb4-591c-a254-a03bea8fa7dc", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b10ba33-fba0-500c-9417-d4b7c81ee40f", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc9056db-2fc3-51b3-87a6-bee87ae41ce7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eceea6b7-db79-5eaa-85cf-3962f19f1476", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:585b0068-45e9-53af-bff8-1f34d9d6cd93", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87299266-fa9b-54ee-a85d-8c03bf6a6f68", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ec969f5-eb7c-54ee-acf6-d43e73f76709", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8515ae9e-d3de-5bcd-8214-4b598daefc37", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c714a957-d68f-5ae2-96a8-755a79df205b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d997d38-95cd-52f0-9ff3-0ea63fd1c577", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94c03978-0389-520e-9111-cd7ed4b64803", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96474051-7500-5c8e-8b04-3523ea833874", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da02ebac-4922-50ee-abd0-39caa08bd217", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6961968-218c-55fb-9db9-ae995f13be1a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f05c6bc-e139-531e-812f-4d955848deef", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f0034a1-5e89-5937-998a-cc75173176d5", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:add03560-f822-5e4d-aba8-0823762f3339", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fd57f23-bc9e-540d-b211-ea2ae0d18527", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca70eedb-588a-5ead-bb1e-4c428f301f2d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b78cfbe-1ace-5e8f-9c4f-57c8fe79fd9a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ffd5506-51fd-5361-a679-5422a41b2759", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c93a327-81ef-59e0-9c9f-94707456b760", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe1fbe7d-1361-574a-812d-48dbb13ba9d1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf3ba01e-7530-5adb-bf46-9da597157be8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a34443ce-e7c3-5faa-9fb9-35bf3262d19e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb29a0a4-a281-56d0-827f-cdac05118675", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d1f823e-db0f-5899-8735-2c94d20f3d5e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edecb1d6-3816-5abb-90f4-7b8b8446291e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e13da4c8-9a66-55d3-9ba1-d3378f66e784", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd1e65b1-bf63-5c28-a31a-2aa244b7fc53", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.1" } ] }