{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ee967206-a9e9-5e3e-bd32-7767a9655562", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.2.13.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:be9753e4-bc8c-5dad-8ac2-7a8f37d5e678", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba92dab7-a985-534b-8fe0-bc06966b1549", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ed798f1a-ec9c-5f41-8889-7f56353f46c0", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:202944da-d4d5-5f95-a345-51e109ca856d", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28915041-d233-5fdd-a947-9d953d45773e", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ed4081fc-b6db-5158-bd2f-9d6810bdda36", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfc67704-90bb-5bbc-b390-8358edd4f7d9", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c18d6110-7bdb-54bc-b5b5-202c3df284e1", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff9a0e16-7298-5cab-beb4-48545b61f44a", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f58927f8-658b-5cff-9946-e54d61bdf202", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40b46250-3725-51c6-9c39-7cf7a278eac6", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0de1046-f660-5adc-8364-cbccf1482950", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d9ab450-b409-5927-aa5a-45fb41076309", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c9545b6-d956-5f0b-bafa-115b2ad2261b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bac73e2e-26b3-5657-a9f9-1a0863d2dd48", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:48007d90-1f12-54ef-ac98-009f9cceb5a0", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d388ca39-6f5a-5263-8bd2-b6068a021735", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4cf5aa3-45f9-576f-9736-fd69f3a300ac", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bda700db-d5cb-54bd-94fd-2a511be19c75", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:305c18b0-e201-5bf1-88d8-a5d18cf54225", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d6056a4-e47b-5334-90e0-c196a05a64e7", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:36dc5152-7345-55c4-a282-26840da75a69", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:95d5d864-1b81-5ed9-8443-8dd621f6050b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df54b6a8-aee6-579b-a169-05041f633675", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42b6f777-18f7-58f7-abe9-4e033766d132", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abbcafad-a24b-5c04-bc5b-ee3e3381949c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0d8128a-3bff-5e76-b555-3571d0a0edc7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d63a014-ca20-58c7-a54f-e4d2f3c6a175", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:869b2adf-c055-5545-8f3b-ea89c6c4e1c2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5adbdf87-7884-5862-814d-ef88ec888343", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:170c09a4-95a1-5bb9-8f42-9baedf175e2e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:042a45ae-0922-50cc-9f04-7e698c173baa", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57a413b8-3078-5b18-912b-87434f13038f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a2669a7-39b0-5d61-a57a-b2546d4b178d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ca71505-857e-5a41-996f-982e7f94a381", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce3e37b5-dae9-5945-948a-f2660a3321a1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:00392a92-2c59-5d7d-915b-2dc7da1535b8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbae505e-9a24-551d-9926-6a87830d3a23", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7164ab3-0e62-5c8e-bee3-cb55b308ffcd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2bd6a45-215c-5f63-9e5d-43ca8ac19319", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fe61e7d-c1da-58a5-957b-483f0368ee1f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f870539-74b3-5d8e-be7e-234ac4794102", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4446d0f1-a01e-5843-9f3b-77ed263f320f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.13.RELEASE-tuxcare.4" } ] }