{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:493e4c44-8cca-570e-a923-85b7b65026ad", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.2.13.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:875e5215-84ee-5529-aee1-6ba43edd17dd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:033ccd97-a76e-500d-a6e9-4d187392469d", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e456225c-e57c-5ee9-b02a-d11bb22d38cc", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ffa52e87-da34-5db2-ba05-9814fa0b5b21", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:12c00495-a2b5-5662-bb92-d82ca72ab80a", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9470ae66-7c79-5c48-af86-c19532b8f474", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c8d2ba82-8c7f-5fec-8450-f969ca06c0f2", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:156b1f4f-e787-5041-b1b1-e7a9381f1bc9", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c081e21f-9642-5118-969b-990105860102", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b188c315-052b-5d85-a4fe-507b67703442", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9655899-b8f1-5759-861a-bd8ebf88c74e", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59e215a9-d908-5879-857c-30fd633ed611", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc878db4-6660-5d53-b3e3-76bca2b79f74", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e959d124-d274-59f0-aa71-cbbff26a9212", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:88b96b20-319a-5b32-826e-b2977626f546", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a1b4e6b-baa5-5609-86ec-dc71ff58238e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38aec0c8-4299-502e-812a-19cc7c1fd518", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6dc1b6fe-df25-510c-adca-2df1a2d6ecc4", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d2adbb91-5f69-5c90-9c5f-f9358052579d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac1a7cb9-2e16-5d85-bc56-ae13a41c3110", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b8d9fdde-e654-51cd-8819-56a99833130d", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0613b998-e6dd-5f95-9622-2073950abee0", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:172be4de-3aae-5661-b3c0-99558bdb0291", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73916d5a-072b-540a-97eb-ce6807b757a7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f559a1a-c9db-5ff0-810b-73ef5be08bb0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a76f3343-5192-514c-9b5b-7fbee3b1a121", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7771e47-be71-5c5f-869c-046146939942", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83cba262-192d-5929-9d5b-7c7f6527967d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:139fff15-38df-5bd4-a47a-2f68602cc290", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:209894e1-1b29-5d7d-a2ec-de2e2d226df3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85863788-f02e-5527-8dff-aa1106e50bfb", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69a7c89d-49ea-5b94-9916-d5db51d5e4b3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e562f824-3043-5b4f-a34b-a82eec3bdc52", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9245f535-b7d7-50df-afbe-9a585cadf31c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1940da08-b6c9-53b7-ba7e-9852dc5fde80", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c012c94-ff45-5e6e-a8c4-54372d8a090f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4803c943-9117-51d0-a1c1-2d23970c549c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:793c11dc-c8b7-5441-8cff-10b7d38e925e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4fd115ee-7529-54d8-a113-efaca93ab54d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2dbbbd3-9f87-59b4-9c3a-342b178ee95a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c1936e45-1298-5108-a1f2-83bd6277f141", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7afff0ed-65e9-552f-9576-3fe8bde81b71", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:542535b2-0f8a-511e-97a2-679cc3645efb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.2.13.RELEASE-tuxcare.4" } ] }