{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:09449d28-2048-53ae-be1f-df2cd2167ec8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.2.13.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:65da944b-75dc-5031-8922-0f0021b7b23c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad1d5d22-dc60-5134-bd77-32c18cc7b41b", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:205cbfc0-6637-5440-b53a-b12c576ca2de", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d08a9c6-5104-5ea5-8ab4-54e3cdd5a6e8", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:81b41460-1478-5f87-be8d-94503b34ebfa", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7182962-d2d8-549c-93ad-7c1fa8d7c333", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15e02766-cfce-5e63-8c63-6819efbae910", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5b82ee3-e053-520b-a19e-09b3b2d5fd22", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d239aa3b-13d9-56f0-8ffc-72979ce30d38", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f48af348-dfed-5754-85d9-b7526405262e", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1588dfc8-293d-599a-8286-d065a8e09bd2", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:349ef337-56dd-536b-9fd2-2dcc60bdb98e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8cc8db66-75db-5e40-bd6b-caf8a47fc507", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b38f01f8-ba92-5e29-aebe-fc09a557f8e0", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fbf4f3f7-836d-5d1c-95a6-483f40596748", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e8e31b0-7fe6-5781-93f1-6d6c2fc1d4ce", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a47c145f-a5e5-5e7f-bd71-2bc3907c4c6e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c177c261-ba6a-5e5c-a0c7-7eb8c12e98b9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93ab1fc8-dda1-5c0a-9d7c-53867adb7750", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:acd9d818-520d-5182-b698-6ae26388cd01", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45d1fe5d-e47b-545d-8a2a-4f7d8b3ee6c0", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4ebd48d-bfd9-56f9-a5ca-36a36c0ac33a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78250027-efa7-51a5-9f3a-4005bff727e9", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c690e61-4ec1-5d28-a7a9-af36cb127006", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b8b1f46-8d0b-5066-8d19-a36daa539d06", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae1e3ff0-43b1-5244-bdd5-c52434c382c3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf2770c6-22d4-5056-91cf-91a399a6481a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:54693b07-0aed-5701-a11c-b9d36258c471", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76404815-8dae-50bd-8f97-adf2cb021cb7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:88b4eebf-487e-5d46-8be9-609ce455e359", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78664c21-37e2-5db1-8804-c76ac759f8a4", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:34dd9a64-77a2-55fe-a199-de6241691ecf", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42df4a4b-de14-517a-a1a1-fac168a77703", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:542554ed-3187-5cc8-96ad-136de279e683", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98046dfe-6b8e-50e0-84a2-e9ec66f46453", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1b022feb-e281-5111-8543-a73ce74318da", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc5cb1fe-2907-54b5-8619-3e18bb0187f9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0460c3a4-7fd4-568d-9154-031e64233727", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0e1faa3-5e47-5365-8615-8d4300c5eb99", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56e0c5be-d94d-57a7-b677-f937a38cb6e0", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69e4a79c-ea62-59a0-944c-e293bac1ce54", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d8a16d5-207d-5836-87dd-6663ce8327d3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20538be3-60d9-57de-af0a-9af156798504", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.2.13.RELEASE-tuxcare.4" } ] }