{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5394f9b6-d6c1-5c6f-b3d0-73e8a8e669d2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e87f500d-9b9d-504c-8177-b776fea586db", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf4af874-0463-536f-a2fd-3d9cacde06d8", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9082977a-4e71-53f8-8aa4-3299ae63a338", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:127b3896-ecc5-5b81-bdeb-5bf85473e8d0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84c16cc7-5c46-5d99-9aa0-b1f78595b6b5", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb2742d3-1d00-512e-9a1a-8bf98788a56c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d8600b4-8eac-54a2-9a5c-5d5effb5d39f", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:020cc351-5ef0-592a-8b6d-4be38f5cdb02", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01bffb9a-8b2d-57f7-9ecf-8ee89f8b202e", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da5acc82-d3d4-5f02-aa4f-b4c0764b6608", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b459ae43-21b8-5089-8807-c7f8f767007c", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17882b36-3853-585d-bbde-99f7400e6627", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7a77c30-38a1-5fe2-adc1-5d87d4e7ca38", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da8e7660-a95f-5b47-b35c-2ea5f01833d4", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77e2cfc6-f01a-50a9-aaf7-346b6539299e", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:167ee3c5-8c27-5715-aace-c20edcc1494a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:399aabff-d015-54d7-9043-c0bbf31a7925", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9756529-f261-51c3-9f20-b07666788b75", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2aa83fa9-f081-590a-a2f2-235c3badcdc6", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eeb47c1f-07ef-5ae9-92ae-0807458abe64", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0ea366a-65bb-502b-aa85-cefc904b8018", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e690bdb5-89e0-5cfc-8533-af31a2a8a7cf", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:141b4f5f-cdf2-54ce-8b60-5f33a3d82014", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a88bef6-421d-5250-a310-b001fccb777a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f55bdec-87ea-56fa-b9e1-7d1862845e0f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fed7c134-f3f6-51ef-b096-bc886290ef7a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8150f81-9666-52f2-b32f-c098bc75d309", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:502454d1-1c49-5e0c-abaf-164d1629319e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01a506d1-9f64-5be3-bf57-53a552dcaae1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d98275ac-219c-5f71-b008-5acc002356df", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84299974-8171-5d50-945a-d8f9e91c78b8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cbf2376-f4aa-5c56-9fd6-c67c7e0d7611", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b03d792-6328-5047-8add-84167e30f7da", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9537ae11-9e52-580c-82ed-81b4e9045a2e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27e95ba8-b268-52a1-a7fe-d8a0210d09f7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25ff402d-2364-5fb1-99c5-cd0563916fb7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c70dd74-43bb-53f7-949b-39f05b60faf8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a67b9b73-46be-5a4b-ab16-27246464660d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0c5e8fc-de45-5054-b828-9f754bb27d87", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ac59236-490c-5676-ab0b-3eaca42270bc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12d22943-1413-5084-abe5-32757712673a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c2482c5-bfa8-54a2-9716-35c5a8ab7143", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e511665d-b9fe-5853-b130-cbb338093657", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.1" } ] }