{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2a9761f3-2c46-5b27-9452-8cbc28ba26a9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4bb64a53-36b6-5409-9d03-b1d88ff22180", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:662e09ab-0bf1-5bf4-931d-d3cf99ccaae7", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3d087e5-7304-53b8-af3d-f7f4fed03f7d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc52e330-76de-511d-aa25-d80198c48b42", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1132d43f-85c7-515d-ab63-4861b524f725", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d26c6733-dddd-58a1-ab3d-782df23017fb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a04e0c5-7518-5034-9b06-7cce22affa24", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0be293cf-5395-5924-97bc-bec69845898b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b71fc2f5-cec8-59af-a764-90d0241a5a28", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:390b7bf7-6aef-50fb-9d16-ba1dddcc7633", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90204ac6-06a5-571c-8064-ae12ee72bdc9", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7791168b-0159-5898-ab0d-bfb9eece7e59", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aca0a9d3-5b1d-5073-8357-643dc7e48fd3", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7782c2a5-1512-53cc-b534-56cd3c53429e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49b973b7-0df1-5f10-906d-301aeff5a23c", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7e1c37e-655a-52b3-9dc4-6198ea133156", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a466397-7172-5c70-8489-bc92aea3844c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac4dab7d-b3ee-5543-9298-dcf54fa97fc3", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf2a4a9a-bbff-558e-a20d-de629e81ecca", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee86fce3-c522-54f5-b97b-b35ffbdd76c1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9de8792f-c896-5aeb-b5ad-8cd7a9a33622", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:123fce66-7291-5aa5-9f4e-efab9e3f1f98", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:192cd96e-12b5-584a-aef9-0ade649b38ca", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6010ffbf-c9b5-5a39-9cc0-412552e4aa82", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe83325d-d2e5-503c-bf86-2b9f41d0d3a0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4942500-3643-5e5d-b193-80961636218b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28355f66-52d9-5e2b-863b-f38b031fa5b1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:968ff02c-540e-5b6e-aafd-895804c3807e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7febcd22-c564-5c1f-b67a-180178d247d5", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54f9fc3c-6582-5594-ab5e-0fdf196504f9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e172359e-4f01-59c2-a61c-03a60a48b5bd", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47f25a70-55e4-5d3b-ad34-45c98f1fa75a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2fd9a2d8-cdd8-5316-bfcc-a816cf59e66b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79dbafe2-9081-5b7a-aea3-e32853c7dac5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbac9116-cf0b-5828-95da-77b1c0eabe28", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7e896ba-b8c2-5647-980a-2267696eb923", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a85f21db-a0f0-50eb-9a54-fa1c2f85d9e7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fee1ebab-5dcc-5e53-9c99-1b018af91626", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:783e3ba6-8dfc-5ca9-8d04-999dd2cd66df", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da1947ad-a955-5028-8ea8-456069a21769", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9793fc4f-6f2e-557f-827c-2246237443f9", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:477c8b03-df9f-5d11-88e9-31e632514227", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00479f4c-6347-51ba-8b40-c4d659031ccf", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.2" } ] }