{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a2b7bc41-e0f6-5424-a996-dceda88cd2ce", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.1.5.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2c6f8ddd-152e-53fc-b77f-e51835d99b05", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fe51b67-98d5-5b1f-9531-bbb184065f8e", "id": "CVE-2020-5398", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5398 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7b35816-1a19-5a2b-ac90-750ba5d9daca", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:663ffc96-5c4a-5685-abea-557114812a31", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce4349e5-a3ea-5a43-9c61-798de5062ff2", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4aef3c4-66cb-500b-92dc-18c2cb12fe5d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e0f83d3-c7e8-5ab0-933e-e46446be36bb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05fdf09d-f16e-53e9-9bd8-419f5dbddea4", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:889abb2d-d013-5a67-bd94-25190776d84b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbbf6b58-0bcd-5ac2-89c0-092a3d0a501c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b21d735-71f1-5a0c-bbe3-ec35fc0bb23d", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12d9d035-90c0-5c27-844d-719a6919381a", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cabdf695-f892-5893-87a9-ed4a0307ed95", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:417cd2f8-38a5-5bcf-a428-267a53a1c670", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecc81223-7f2f-5ec3-8896-a5b1498acd9c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9027d3a3-8e4d-5bd2-81a1-b5ed5fa780f8", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81b2e89e-c19b-5ae3-a378-c21f40b56d02", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-orm 5.1.5.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3053af93-193f-5378-8233-beb2a71c6b88", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee2d054d-4e42-599b-b480-1cb345e7be3c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0991559-aca4-5395-b308-a32a488759f4", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e7378a6-d4f2-51ef-90a1-2c65117fa61a", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c3d79d2-d494-5045-b3a0-a7d85ea37a31", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ec20557-78dc-5ec6-8fd4-b78513cb2823", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64655ae4-3d07-5e1a-9633-26a314b43bb6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1aaad40-9bef-5ac9-a146-e33e6a44db55", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb5bf3d4-636d-59fa-8664-b99408ecbd32", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:553600e8-3ab3-5e2c-ac3b-b8c0b01aa3af", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f4d6322-e6b5-52a4-8143-397282c19f6e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63f1f571-147e-5ff4-8fa2-584f05a4d249", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8929ec4c-ee97-564b-a30e-a218cb4f66b1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c42c0ca4-7b1c-547e-a213-33b44994ac1c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:666ef737-81fd-542b-810a-5a11c9b81765", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f986a76-5c16-5da8-9496-e89a9f5694b1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:391a6d1e-805d-5c2f-bfdd-7425a16e7ce3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e83c3da-934a-5e82-ac15-dbacfcd50416", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3f8344b-9a31-5ee7-aa7a-d1441fc493bc", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3758bed-2674-59d2-b0d3-3112607a9b7d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff50c947-d413-5b2d-83be-f996a79265cd", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:874a8864-1765-5512-9515-d3fe8a190156", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c69f6ca1-cf9e-5c4d-b431-5e11182b9b04", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2add9553-d898-5477-b58a-b6335cdec49b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17c392d1-3b40-5ef6-b493-3fb5aeaa34c3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c1a6379-7d92-5239-9856-f280aff2268c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae5f9842-b2a6-55e4-8d48-623a60975949", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71109e5c-dc78-5a32-81d6-10a77966818e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12581b73-2dfe-5bb9-945d-ace5b5e14346", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }