{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ce03fc21-9b23-5e5a-a49d-f274692ab688", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cbe8a155-5a79-5742-b2bc-eede8c02f0da", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22b1406e-2f42-51c4-9daf-d32e84145da0", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:710dadfc-6bf2-526b-ad80-8a57ff868d8c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:566815eb-4a53-53a7-a412-32ba7ca9244e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84b67233-745d-5dda-806a-7bc258905aee", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc0ef101-bfad-5388-ac24-a2b4098ae86f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c35e81f-b0e7-5100-b6bc-ac144adde1b1", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ca52756-e215-5d51-8225-ece77cfa282d", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:679cfeef-76d2-5713-ad11-6e95c35e87f7", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9387357-fcc0-5f0c-a02b-b8e7b28ca808", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b913e3f6-d949-5b97-9850-9857ce83a419", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c18cf9d-347d-5bef-b04e-258ff57bedc2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81a4a695-9816-5865-a440-f34aad7df21e", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:087e9d35-8f93-582a-984d-7b57122d0ee4", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e7bd14d-58b1-5e40-9d92-5587a5ef10d2", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:947e441c-066f-5ac4-a343-b6cc95b188da", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:217e40b4-ec30-5f5b-9b33-506c366857b7", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a78f4313-8f51-5256-a9a0-83a1072345f0", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d4c2f5e-2942-5e7d-9274-83462ec30d80", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b623596d-8237-5d89-b58f-456bed059e78", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8bd0a42-f07c-52fa-96e6-00d1104634b5", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0f1f32a-877f-5f2c-a25c-d3bbbacb94b6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:686a3301-af32-53f7-9d2c-431413379563", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1bf345d4-91bc-5819-bccf-53bb9475c83c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af698cc8-8911-53b1-81af-7ff9c36a5c38", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6359fd5-638e-5c4f-9241-fccdaeea3d6b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02114c91-5295-54fe-884c-59a4d9d0d668", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f102c88c-ce76-5479-8d9c-890ee22d8b6e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1dc061a6-89f2-5cbc-ac9e-5c53e7f2540f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2383d0b8-cbe7-5f80-bbcc-f249aff6714e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3f92cc5-64b5-5129-8b38-5351025c5364", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8c17af8-8b9e-52c8-9941-67638c113d31", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c59c853-3511-5a97-b1c0-cb0409479227", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07666b8f-1f5c-57ca-889a-527b9fd9802d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73179e67-d3bf-5526-adfa-c2430343d62b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01c2d45e-69fe-507c-ad2d-7867dbb107f3", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe990dd7-b44a-5090-ba2c-18166b6915c4", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21dea9ff-76b6-56b6-9bc0-212ca3b562da", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9b892f1-818c-50dd-8e4a-ba94c4dd907c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c863be18-e8c8-5ec8-98a1-9d98dfc6613a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3972c027-9938-5f52-a4f0-954011840fc2", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8c80513-5a1b-55bf-8b3b-91e18068d560", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f9fd4ac-7694-5a2a-bfac-5ba596c48533", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.2.13.RELEASE-tuxcare.2" } ] }