{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6cabf8e2-a5f2-58d2-a0e1-76141fe0fd08", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e3a13721-6e80-59d4-a257-1b172ce33b0b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e91a7f6-19d4-5023-a24a-5adaebef6f5d", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b9485b4-6c8c-5aa6-8396-939aac4d2a03", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9114dc56-dc2c-5925-9a5c-c62f81b97770", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad8f8513-7f1f-5e23-8268-f63ae3aa2f87", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:753df736-8029-52ae-ba32-dc0e8a983ff1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b8ccba4-578a-5ae0-9831-71660b6b7cff", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b49a4f58-b5b1-5f51-aade-2f5278b13786", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:569a0e71-adc0-52ea-aa0f-585d93a66a6c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae73b353-54e6-5fa5-a2f8-a9f5127c17e5", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a6e047b-4a84-5c33-9aae-a64d4b5fd6e2", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e40c8fa-a867-5096-ad40-63435c6af7c9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1766c44-02a9-5d23-bea3-8d243808460e", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef06215b-8cf6-5334-bc89-2849488c250b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfe0da8f-659c-539a-9df0-3d516d6e83e7", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d10dd2fc-afcc-5aae-a722-b94495ddacda", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72374de8-f62d-5400-8f64-643882567739", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6c3128b-b579-5875-8821-6c9943944691", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fcbed9e-7836-5dc2-b1cb-d590f3025522", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc2dcbeb-01ab-53d7-afa5-3ed64d3ca578", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83041042-57cb-5d7c-8636-fed27b6654b3", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36173834-ceb1-5209-b6fb-5c4aa1d01db3", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81a99450-1447-5fbf-80fb-7cacf0fc89b2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2ea99e6-0c82-5d5a-838e-ad31d90564ea", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9130938b-fb1b-5150-83f7-dd0896334c05", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9bd7a17-1dcb-5991-b43c-0479bba3f145", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5291469c-1e2f-5279-a004-9a4dda60e13c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac540f72-c2be-5acc-a0b0-398bb76021fd", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47150742-ef6a-5831-a9a4-929d007406ef", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e1c0d0d-c1a0-5a33-b291-1ece95964f0e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fa0212f-b483-5729-97b3-3bd5ba7a10ae", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e2ddfed-39ca-536b-9274-32d231d1a4a4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bee103ea-1dc6-55f5-b023-9d78fbac6885", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f262ed40-b64e-5165-bbbe-881e3a0d9e10", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba980df4-ec3e-5fde-ae52-b135f71f07cd", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb08abab-3b82-5415-8bc5-7b32297855b7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad8ec39d-eb76-5a74-a4da-eeac238c62ec", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5368e96c-ddfc-53df-a93f-50982f3df6e8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17f681a7-7380-5cd4-9583-c7df3cad67ac", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e61d9ac9-c601-5378-aa58-efeed6ff8768", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1db2fa3-613f-576c-93db-5b4968d8f84f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:418c603c-81da-589e-b138-ab5da50ffd8a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2b88121-1c09-5228-833d-e84fd7d7a608", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.2" } ] }