{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b6e4fba8-cfe9-5cb7-abbb-20501f17a1b8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a3f45a28-f6d9-5ffb-bbde-80bc38fae425", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0455db5-5905-5ca7-9a25-03a74012088e", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d1b8cbf-08a8-5557-98a3-8d0aa86b4b49", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94136a03-83cc-56b3-b977-0f884cc44632", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7ef4c99-3878-59f1-bded-7be2517fc262", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e60b59bf-7974-56b8-9b22-50a0ecf4a643", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:877afc8d-dd4b-5232-8571-ec5628a723d1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6044712f-637c-5803-92da-2303c853bb4f", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4d591ee-c5fd-52ad-b051-39251c328d9b", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:165b5937-6a43-562c-a951-aab4c492fda9", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:915e4641-39cd-56ca-8c90-c67f17f42fcb", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e21cec1-675e-5d57-b6dc-8d20fa06baf6", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58d7c3e5-7a83-5e22-809b-5aeb0ce232c6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f28e9ab-2525-57e5-9705-b671278f1a21", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:280e7cc8-aa8b-5e95-927c-051e189752e8", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b80d95f7-7447-557e-ab8e-a261c5016a5a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eeb34690-b4aa-5902-845f-3e5eb474a23b", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-instrument 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a3b4633-e1e4-5fe1-bee3-a61fac18db0e", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14801799-f8df-5cc8-a131-6ddb6dc19ac8", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e07ba267-5c30-58cb-9f9e-bd8979d90c03", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:231920db-9f38-5972-8a28-0f954f48da36", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f68b909-a5ab-5ff3-9d84-76e7b409486c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70724bac-45ca-5fdb-93c3-d5af6d3433b8", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d59ba920-2f40-52f1-bb1a-8cdd552c754d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6bf1ed7-539f-59c7-a3e2-9da8c65247aa", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1ba874a-3413-5e1a-9236-fac4119cc446", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe1d6552-7ee4-558a-9987-58d983bfb58a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3320a4a8-aa89-5a63-a3f6-13efae41e405", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7330aed-ca50-5174-996b-1d8e3eeffae5", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c2f5573-36a7-5d0f-be0a-1bc2c701aab7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d7e31d4-a5c4-5bf0-855b-c5912ad272eb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a734e1c-a1d8-5e82-9feb-cfdf811ba541", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e472da2-c175-5a61-b8e8-51dca3924222", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06a659c4-099d-5721-886c-0936a1c32a0f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cce4aaa7-8e0c-5a12-bb5f-a3a55015221d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad43e0b1-fcae-546a-b63b-efbb4235ab27", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d6f888e-96ec-56a2-b71f-c4cc75e2221f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14cb2c2e-ef33-576e-98fe-bd4bbbf56b93", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78cdb62b-b407-5565-b632-0a83f18f5f70", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:febd6c96-1fb5-5ced-9fb0-4f178be89bef", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4adf1767-efb6-54d9-8190-de7dd9f0d563", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2756d0a0-2deb-5180-84f5-1198b557ae24", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c058e86a-b4d8-5456-a58a-a6edd316dc75", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cef2355a-6e52-55c8-a432-875dff6bbb95", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77ce4439-4abe-5762-821c-fc5168a88e01", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c175b228-bb31-5d98-b36d-95a08579e162", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }