{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6317e715-b8fc-5584-b045-28e5c5c39e6a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a7a4c443-e9b8-542d-941f-961b05dafc8a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cdb12f5-d4ac-5567-a398-d84322151e1b", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61cc7c3d-d4c6-5630-8dce-bf8b399e7392", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:218af1ec-f990-5d08-b7b1-e695d78575ed", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39ea9164-aa5e-5941-8919-0a435eb19576", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84641c99-3162-530f-b096-d567ec9843b0", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5410553e-a859-5757-bbfb-5c5fea73d615", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b8bea6d-0003-5b38-8375-5879889ab673", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd3f7e55-5cd0-5e40-8189-0b005be731ce", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c73f455-02aa-5910-9eb7-6cc241d448d6", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6f94a98-6faa-589e-96e9-d1765368e370", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:348a4046-994f-5b75-9f64-4e0d2ccf776a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3889b38d-40e6-55c7-8127-f7506b31a7ed", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54e3cb7e-9f99-512d-9e51-440c0c1b472b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2dcbcb24-4c5d-512c-9ee1-c234845810da", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:175a477e-c894-5c1c-931a-81594d7a2a26", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32085221-38f0-56d7-835d-20b6449ca3d7", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-oxm 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8120ca5-3860-5d48-90aa-6633f7b3876a", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e6ea0c6-1edf-5964-8317-ea76af6ed2bb", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7dd3510-ce06-50ec-b958-6bf854a1607e", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0962c25b-6249-5cb7-8075-fed8c88b2673", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af105cc6-300a-51e8-9f77-d731732725e1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec587d95-95db-520e-9399-09aa87f9aa54", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dabe76c3-28ee-525a-9948-77ca37bfbb06", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f35a3f18-0773-532e-a765-f8aec046d8e2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:885417e6-44ec-5d09-a02d-510b082ff328", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97f54c7c-56f3-5cbb-90b1-6825b5c6b259", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8930e6b-ba7b-5c40-bf76-40ea1f18f40b", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48cc5ab9-8038-5c83-9241-d607961853ef", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43475fe4-8f3d-573d-9a40-8903cd1126fe", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc884f95-cae0-58df-ad2d-5a3a28bbc44c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6a256ba-b7c4-5e01-8df9-5a38b1cdb51f", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79638a77-abc7-5ad8-9aad-769b3a4483ed", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc2d1bd9-1846-534b-b540-fe4fa4e05e3f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:350340a6-49a2-58f7-9448-fda6a9bd8369", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4dff7661-6fc8-5f6e-a12c-524699e93dce", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1aebca0-b595-5870-b1aa-bf10bbb1dcda", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85c9774d-bf00-5b82-b9b4-ac2a135cbe26", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0eeda3b-9956-5142-b9f6-8d03eda190a4", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6eee7d16-53ec-5243-8129-2d1c249f8976", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54b045da-f850-54cb-89dd-c11f7df708c6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4adcc5c-f670-547c-8bb9-1c719088f9cd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9e9ac78-7b21-514e-ab2c-600e302d7da9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3b1fdb9-2b71-5626-8dc1-b54565121e7a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7838c6a6-bb6f-5408-9f94-1ec3ab502872", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5eae03fc-7ea0-5091-ac86-380460056990", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.5.RELEASE-tuxcare.2" } ] }