{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a2ef69cf-ee8b-5a35-abc7-dbab85b1ff33", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f1aea169-b890-5e60-9791-990fdab213dd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdd7c7ac-7d61-58b8-9fcf-e02e68751fd2", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3c88817-1e4b-5d3c-8cbf-78f3de66c4d2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64eb6e40-6c8b-57a6-99d8-7c3cd636697a", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9b4b8a5-1acd-5731-96ae-2fca0ba53302", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02ae5932-18ab-580d-aa44-c816dd52d96e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:584d6528-fdc9-50d1-8420-cfe4d615a96f", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc56a2ec-90d2-55b3-853c-d23a44bb51ee", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6db7fc3f-ed3f-5e67-a766-f6be78fcec4b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba9e05e6-ab06-5e6e-ac46-f1e6109b41bb", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f22bfa6-0a0c-50fc-94ed-73478b343220", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:590890a8-4c41-5238-b0e7-dc1dbb5e40bb", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a641e80-73c6-5a7c-8785-d98194d32b7c", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d708cc9-3879-585e-bfb2-bcbaf7707901", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c83088c-12e2-5f20-9c1a-e78bd72834e0", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b99f2986-db3e-52bc-8854-aa8c7652c50b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81af830d-0da3-50dc-8bc3-4ba65a5694ba", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:504f70e9-1579-5a0a-a5cf-dce42fcca032", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a9e97c0-f323-5982-9f11-a9ffbae3514b", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7cc9f10-0eab-5da5-8f53-d13a81d8a2d1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb1bf710-bd16-5f48-b719-62d42d15fa6f", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c462dcc-a5fe-5a09-875b-0c75d6ebe36e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd52fd6c-0f8e-574d-b5d1-ae044a5a1ecd", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:027ab8a3-70ba-59f3-a0f2-51f9298a2941", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0bbfbeb3-23ee-5d2f-98b0-e7f2f0f87188", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc2746f5-89da-5020-941d-9963bdedd333", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:985eec0b-5191-59ce-819e-260eb4e251ea", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5fe3a07-ac97-5a33-b3b4-5e268df736e9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:696037d9-cea3-5a64-86f9-80be427ddb6b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e42b1ca-14ff-5fd1-b8dd-a8f1ff5991ec", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:669dfb1b-571c-54e9-ab81-91374abdb04c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82d1572e-0614-5b4a-8484-a639b65e8538", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be668ebd-60ed-5f61-a18f-52344a566930", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7327a895-7ab2-5f0a-923e-6f748451906f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4486bfa-41ad-5a60-b14c-5d4eccf72dc9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cafe180-889f-503a-86dc-d76bb8b352c7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f7ff81f-18b6-5b3e-9a22-16761e5e38cd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9bc0519-3e7a-5b58-9b00-8ffb40ad46f5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:499c2163-97c5-590b-a70e-c2104af6e82a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9a40616-24c8-5419-ac8d-71a77e3ce19e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:683bfe21-a4cf-5e61-b168-55a0091cc6ef", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:345a468e-0bc4-506c-93e5-ca2227ca380b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25d2adc3-6c94-5b72-ac4a-e42bb36aa72e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.2.13.RELEASE-tuxcare.2" } ] }