{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9760711b-9b4f-5c51-b71e-8f4e4105cc76", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.2.13.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:33639ec6-7b92-57b3-b950-2518f940f424", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08745abd-cfc8-5f32-885c-4163f31431f7", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0d35b69-4bc0-5776-abdc-909397eb805d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6fd646c-2ee8-53ce-97d1-6728e328a5dd", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:646d1a89-b201-500b-82b2-878c7299cdcd", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd1df845-de5c-53e0-894d-d59b88b17559", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c58bb1b9-ad9c-5ca1-9a6d-005092ebc72b", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d796d5b-78ac-5a32-b1de-f2b3578adf2d", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77879575-a5a4-576a-9086-1499a2e68bc8", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f6724f0-9764-5b41-950c-c8a2a134b4ad", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d096420-2dcc-5589-980b-2100cd714eb2", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be3357ab-1691-5d2b-bab9-85ab4914eff2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8efa2442-0b25-501f-8abe-876b55e0495a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:740b256a-33bf-552b-bc67-311a14079b9b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16aaeabe-91fd-571d-8d03-a6259a6b838b", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bf1dc8d-ae15-514a-b9b5-162ba190945f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99789844-a59c-5db3-8aa6-eab307512ffb", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f17654a-5628-541b-bf65-36335f793ccc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec87fa25-051a-55b0-af94-59bab4cc94e6", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae497c8f-0b21-5e9b-9538-69d0e8ee5be2", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3e040bb-c5ae-5f22-9793-401cceba5c37", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:651ca0f7-e81b-509d-b454-d71b6d8bce72", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1edc927-2cbb-5657-ab4d-563d3e4c6dbd", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13ca38cc-6463-59cf-a8b8-68bf1fbfa521", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8355b979-3f63-5beb-8009-d03b1a02ee76", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c4f0562-5740-5f55-a357-cde87f37f462", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f6b30fb-420b-5bbb-8ee3-c7ea49bde26b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6065c6b9-a625-5e1a-8192-c035eaae03ff", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae7b6e73-05ad-5ba9-b66d-c2dd733a22f5", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0c5774e4-c13c-5daf-944e-4314ab8511ed", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35221454-18b6-5ad6-a17d-ea0f583f0cab", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efc98962-f223-5c63-aadc-b5e628547243", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c94e29c9-b8b3-574b-aff0-3dfb5d13c4c6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c286f5b9-fac9-53f7-99c6-a07199a8886c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e0cb4f5-2e02-5da4-8eea-ffcdc739b585", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05ae6c0b-33b6-53aa-879f-9822ffa71ca8", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:764bd298-6448-52d6-82fe-6c4b8adcba33", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff26cdd8-1fa1-595c-b345-0e4abaf3f310", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f6c389d-550a-5b34-b2a7-305dea2973de", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a08b1c2-3736-5bb1-9ddb-30607aa49d16", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65a82a6a-bf9a-59b2-9514-21b668c80282", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:deb240e6-3386-5ce3-8a18-5b938287871c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e9811b3-9e71-549b-8307-ed13c781b0d9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.3" } ] }