{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3c6082c6-72b4-592a-adbf-36026af99acf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.2.13.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fa483f58-466c-5781-8617-174c0a2b783f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c8166391-92b7-535e-8294-00628b06698d", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:244558f6-b882-5341-b49a-487cf6d5bdac", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44b44a00-e79e-5e4c-b7e8-7a18845b0da8", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35fceaef-8467-5317-bb53-f090b442a9da", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d54d291-3300-5f30-8ae6-5d571c2e7bf7", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:77cc01ff-3128-569e-80a3-3da2c662fbc4", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56df4d8c-c1d9-51dc-a9d9-06365671e109", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e4808db9-4f1a-559e-8741-ee023a90b554", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:75b4c3d2-7d40-5547-a0be-b742ee2f617a", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73bc8105-97d6-5867-addc-bcb600557837", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc0a9380-9c21-5c8a-9e77-e34800298f3c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:295fd23c-2531-575c-a4d0-6718620ec49d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b4a4cce-dbac-5ffa-b5e3-57aa426922be", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44bbbfe1-4670-5196-9aec-598b7f804cf7", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6b6225a-e5b0-5a13-8b99-09e85e593c2a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17b3484b-fbf1-5a90-a623-a5dd035604a6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bfd33449-fd59-5dad-8fb2-865b33a5aa45", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d89f9658-2d7e-5878-81b7-3a563668353f", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1be2d9eb-f0aa-57df-a6b8-d2cdd0dfa3a4", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15aa87dc-b1d7-5f32-ada8-5ea5980d1521", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:019f2b5b-d4a1-5787-97ef-06592ff38faa", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d54dbaa-4f37-5c6d-9c24-f60841665015", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91fbecf1-a60c-5dfa-83b8-760041c395f8", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac731ad9-541d-5b6b-919f-1d6caf164776", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b63e40e9-f2a4-51a4-b4a6-b83d0510783b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1548047-9c0f-51be-bd12-f86c8a5cbfdb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:edb83d3a-6563-5a14-8351-25e8473a75c7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b2018fc-bcd7-5c42-9ea8-3113049f331e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d1942de-a181-56a0-a598-aaacbf2073bd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aca3b988-c5fd-5c46-884f-cc180e269e35", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0ed4b89d-a344-5982-80c3-141434cf6586", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebd3ad3a-c357-522e-b168-8d366c8d72c6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee26e9d5-1d9e-5b40-9761-687135d539bb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0db3de05-e985-52f7-bc64-41207056d353", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b0d6e32c-bcbf-5892-98d1-326f4551ebcf", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53bf08e6-9b7a-581f-b813-627e12c3156d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:808f7009-6d64-549e-a8cd-bbb7e34d6a1d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92e40a38-02f0-59e1-8750-e3b8fbc999b6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4d69033-e22e-536a-ad07-7386ed067540", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd06b899-eb99-523b-8052-72685d3425b3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0512fa88-3101-5af5-ab8c-8f85c91779e6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1fb7b1ff-1570-57bf-be16-dd9a002d346c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.2.13.RELEASE-tuxcare.4" } ] }