{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4a708245-6341-5525-8a74-5072df85ba74", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:70c292b0-32a5-5f82-8b2e-f89a362d2b55", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9410fbb-2c74-5d47-83d5-99600119a50e", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d3fd1dd-ecde-51ad-8081-5791a2c35532", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5d16592-b62f-5d4b-aeb6-76e05b6933c4", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45d393f4-ccdb-5f7b-bd21-a068c14da137", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edb38c16-9829-5e7f-aff4-abb5c72ec014", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fb7b297-55ce-5a47-be94-99caa8bb2c9f", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5a5a9e9-9fea-59df-99da-defd81ff4c9d", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15bb7c21-14fb-5c3c-8630-b369f183ee53", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd619f5e-60e4-5f00-9246-39eee3978640", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca5dc836-7980-5563-b4c0-83221426a349", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55cc7e7e-bd68-51f4-93a4-e967f1a4fd62", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:676445aa-08db-558c-a852-769d1c659c9d", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a855c00b-7619-5041-93f8-d0759217bce0", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:009b9b9f-4973-5670-93e5-7e100aa7bc61", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73796ee8-8988-5f63-8596-41d6c248232a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33b696db-966d-55fb-98e5-71a33ca00422", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8457a9dc-328f-5a2e-bfee-5ed0ab79f838", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f1f3ccf-a1a3-57b3-b73d-b401096cef6d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43c7d523-886a-56af-8b48-44e705432c43", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80b5b3ab-d2e8-5d6d-82f4-76f69db3491b", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33751335-6560-5770-a6be-479e503a4883", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8566469e-3005-5804-a812-83971dc3eda6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fec6e612-1ed6-5e31-950f-569f23d9e4c7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5de04fef-84eb-5770-96d6-1a691b646aab", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4739ac6e-ddae-56d5-be44-2796e824fa3b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:971a0d2d-f1f7-52ef-ba25-91fa99d23415", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84310e3e-395a-5b07-95f1-960720fc58fc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a957a3f-3930-5ed3-8eec-a67d4ff5e98b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35010bc1-6808-5f6e-ac66-1d225fd8c9de", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2c46e71-de1b-5f34-af48-6c7825dbfa4e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b65a5e4b-3aca-59b1-b1f2-3e9715148075", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db44b56b-eb63-5932-8d7e-13a5b23ebbf1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfd4845f-3814-5a92-88da-4c6aea958c9b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c4d90cb-007b-5ad7-912f-4d5d63159d06", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9427353a-12b7-51bf-a6be-49fb51130c3d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdbb184a-9b56-5877-b53b-f1c1c1ad695f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ca60de8-c252-5160-9956-9551ed262d0b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d82c5042-ba2a-5eaf-9831-e09c246482a5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9c7f52d-e0e5-59d3-86d0-9c0472034d27", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5e155d3-7292-5606-8244-695f6d8aeefd", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e775b99-c400-5ac9-9c6b-22a1f5f64ac8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3049d97d-a459-5682-a431-427c14272656", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.2" } ] }