{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4f8cc0bd-3ee4-5f2e-baa9-accf72b2cb56", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fa890d74-a62a-52a6-8aff-2035ba41c8cd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc30770f-1e84-5924-bf6c-8b971801d263", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f3f3415-d1a0-5129-84f1-5f6309b1155d", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:157a1919-4223-5330-b643-9fe5b4e829a2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c12c993e-6c4c-552e-8a0f-187a8b654a36", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3646d6dd-ed2f-538a-9da7-532dd9fab5a2", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1513ab00-ed50-50f2-8dd7-c36c54307f60", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6814a4b4-9d7b-5a27-94a0-02fdbc5d46cc", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:491f66bd-c0f0-50d2-9c44-e35602c7cbee", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:373d1aad-2fc9-57b2-897b-020d0bc3feb1", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fff356d0-5c4a-540d-87dc-c36876b8e2cf", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5df25e76-1758-57f5-8e33-4f1909fcc7dd", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22bb4c6e-d9f0-5230-9b5c-bb64f9123690", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25a1a2ff-185a-51b5-8661-d54b62f09d5c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:108be295-9985-5259-815d-188483dca884", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48e708e0-ef21-5fbd-8b53-efafe8d932b2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9acbf65a-0244-51ed-ba0f-ea3b22f20e3b", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-jcl 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4434928a-18d3-5309-be48-f61319cd7a0d", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:326ee0df-4915-5739-80fb-6a0b7f59bb52", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8459cfea-fd71-5c9b-9483-0c7e2abb79d8", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4bc2eacf-5698-5878-b47e-e598e4c1bd40", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2acf0a1-69e0-5662-afa9-4a32f3adbf01", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0da0b53b-6194-5e61-9a87-3d374a66b51c", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:766337dc-3480-574c-b2e5-854df8b47814", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8834b829-0317-5422-8076-035a66a93d31", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bf8cc9a-2216-53b4-be68-f21818770585", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b90a0f0a-d4e4-5968-9fec-a1c09e54a497", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7cbf62f3-92f6-5403-a54a-643ac09adcb3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ecf0ad57-6b97-5fc2-8736-78c67596dad5", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8c358d6-861c-565a-be42-5cdfc26bc4e2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e18d8a05-4c3a-5a3a-82e7-b01e8869eacc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6943f65-6be4-5c88-b595-272b9d65cdbb", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aaae106c-58f9-57d5-ba22-a1b801028c3f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41a91b44-66d6-5fa3-9a55-bd6ab51e3af2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29a29b18-886d-5ca0-b942-65624787eb76", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3c4fc44-d6ab-5aa4-ba90-00a927a928dc", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aca8037c-b62a-5204-a112-f8264c433cb4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e536376-7667-58a5-9c10-137ddb31b73a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05a3bb9b-75be-51fa-87c5-96f762c955e5", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03dadf91-ce2c-5d1c-b0ba-4f52ee37986d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b34bd6ed-3b5b-52c0-9f4d-2bb7559404a2", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9007d6e7-740a-56c5-9f44-95186a1a6f06", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:624e00d0-c6a8-5bae-9862-f12d7416dcf2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b121498f-4e7e-5fe4-8cdc-db7a5e7b1f17", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c935c014-9df5-544b-b2d0-ca7a4f26e5c9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d47bd1ec-f9c4-538d-9b05-4881b1e8e344", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.5.RELEASE-tuxcare.2" } ] }