{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:704a334a-1d94-54eb-8c4e-48d6ff89cef0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-parent", "version": "3.1.1.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1d456511-3d04-5364-8880-d7cc8c1748fe", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d5bd86e-b468-5b69-b15f-6263b15d9298", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f63ed8da-755d-56a8-9628-0e0edbdbda94", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8ffde74-8789-5fa7-b855-a6d0afe8e211", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97dd9249-0400-5f53-b67f-d3f6c125e44f", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80343a77-57ec-56e6-a309-f6fce9fe882b", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfe45651-42a2-5d26-9d26-ae9902a17bd0", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a98d5fd-d21f-51e2-b5f6-806bbca37589", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a94b0cbb-9c43-5614-bd62-7f3bea50fbbf", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3dc53684-cf17-5d4e-886d-060defc672ee", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db3c7387-ab00-5e51-9f5b-dfac85718a33", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3f57886-13ea-5d6b-9a60-de63f15f78bc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f36030e-5359-5bba-8b25-0b8f51a47ba0", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f666fd3-a1f1-53f0-a8fb-425506581ddc", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebcf5bb7-35e1-5155-9216-bef980bdf31f", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d37b7b6-da42-5322-8c37-d2dbcfc5b20c", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-parent 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eae1861f-215e-5ce0-8f97-55e781381585", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-parent 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce09aec1-9d46-59ee-8f11-7ea4cbb6a3fe", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-parent 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dac0460-aa9d-5fff-9562-1b5453da605a", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7051ad81-a7f6-5af5-8ab3-3b058147f5e6", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da710597-346f-527e-a1dd-08038a1ee4a9", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c92389c5-1d13-5d71-ad42-0e8931d8b1f6", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a1f9be1-1ccb-5d39-a7ef-64bb45249143", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30dd7c0f-673b-53c0-afb5-74629b5ea619", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cca38b96-9b16-5445-982b-e2c42bed32b8", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:582095ef-aa93-57b6-883a-a326dac13cf9", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec00e73e-6597-51e4-82c7-cb7fcc4ca14e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f7f7731-96fc-5176-9608-34f787368958", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:596c1d07-63dc-5cab-9df0-75418e4e87f1", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b49cc07-6bc6-56f5-9eae-74bc86d84b81", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b53e1ad-4c7f-5f94-a7e4-3e66f344f146", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f80f4689-76b8-5e44-a08f-8893059c01c7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ed732a7-28d2-51db-b5d2-9b39bcfa01e4", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73617eb5-8075-5521-bfb5-48e4555ce9ab", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:caf0a47d-6001-551c-967b-0946f71fc468", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f91a3ab3-4f8b-5593-a74b-0d9b41bf1545", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14bda144-3525-5e89-8c8c-1078887ab4e4", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83470f64-8201-5a61-998e-b9684ecb0cd4", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c459e07f-e9e8-5f0a-801f-3b29556d53f8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:915f2997-b46a-57a5-b91c-5712f78467a8", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-parent 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff7a4aa3-9219-5b44-84e8-aafbcf48c69c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86877264-0980-5a70-86ed-6757f443fbe9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:534692a2-99d9-5126-8126-26315cb89b67", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb79423f-4450-5619-892c-88532ec33385", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05bf8f7d-bdca-5f29-9ff5-719e4202dc59", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05cc29ba-85fc-5d16-b0ac-9e3bf740667f", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b915ae10-71f4-59ab-aed7-b5f691f2ccb0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69f9fe7f-6e61-5a77-9ffd-cd3be7043c65", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb0e0e71-2bfb-53cd-9b9d-d6a0e6e638bb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0efed151-58d5-5722-b2be-b9815b6143a5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:333d8556-9651-56d3-8f7d-43787fabdade", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87a8603f-5f02-5493-99e8-d287561baead", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08094427-bb42-5fcc-9a2f-cd77b9468e0d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:292fc8fb-568e-5515-b1a3-aea84edb5578", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1340c8f-1d9e-5432-bc45-344085fb9a8d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70771262-6806-5d59-99b2-34eccae0d64f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-parent@3.1.1.RELEASE-tuxcare.2" } ] }