{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3771e8a1-88c8-5883-9043-69bf895e704f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.1.5.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9663f488-300f-5adb-b775-d86fae6f2b21", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:34cf21de-172b-583b-bcfd-eaa34e3742e8", "id": "CVE-2020-5398", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5398 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aea7b30a-3fe9-520b-8283-363c9aa81e2d", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed21bd03-d2f4-5131-a9cf-30d449ab34e9", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0727cfea-8c3d-5fd0-9a3b-42cdc205871e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cbfae91-567e-5ce0-8646-986590822457", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62ddebcb-6385-5f6f-bec4-647b5bd9820e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:238a93cb-5a3c-520e-bcf5-7fab0e54191e", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:452db9df-0d9c-5dff-a3df-fa330af09920", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4b5069e-44b4-576f-9894-07654ef19509", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a07f96fe-0961-5458-9266-cf9d65c0c0f2", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0de6090f-0c86-56f3-8eba-57b837a5965c", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea2ab753-7065-5860-b683-60f63d4e0241", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c57a425-46c7-5820-aa87-ba87d6244819", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:977aa185-0aed-5d71-a526-7214a5b2f947", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85a7be2c-60c5-5dbb-ab46-f5042f68db34", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:942eabe2-0629-5c8f-bd5a-a7fd1d43757c", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-web 5.1.5.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17c62482-7a79-5818-9eb6-b2fc7e63dd7f", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b170bf64-0ef9-5a14-8e3d-170bd4ac28fa", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb78312d-5588-5c31-b384-3887639ceba5", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d195fbd2-c907-5e5d-9918-3b8044085c54", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11a39600-500b-5ba5-bcfb-0cd6ce7b6e88", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3dfaa5d-b5fb-5dac-9e7d-c7988d964c4c", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ac7103c-1b79-50c9-86f1-2d0ce38b8047", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f32eddf-4540-5c1a-b3ab-1fe324ca23ef", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a534f42-b968-5cab-9f7c-fbf3e01e6c36", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:666cf282-d656-51ef-b10b-4e070d7f09d1", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92710d22-3479-5621-907d-51df8b4e761e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0cadbdc7-4602-584a-beef-1dcccf95614b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:526bf921-c92d-5a97-a31a-828dabf1139e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71c307ec-179a-5df1-864c-987d0e24db63", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a2f3ce0-43cf-53af-bf92-da60b61dcfdf", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19884cb2-aa0d-5246-a3de-b3daafc55eb8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21783dd2-9e85-51d5-8c96-e52fb1fdee71", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6da58019-5318-5020-af86-589b3b16a617", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a530be6f-3bb0-5e51-83bb-da62db592fd3", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc7c4ef0-8535-56b0-8198-65efc1fb8db0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:852588ea-3b86-5da2-967d-46459bb761cf", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da80f930-0e8c-5246-a186-5e4390900d05", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1eec25d-7f2a-5444-9d8a-5b3a15fb80c9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebd1a67e-867a-54f0-a3b4-ea85daf4b220", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc82fdc8-581d-525e-a9e8-58b2f875fe76", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42ca158c-ac8b-5847-af8b-06de955f3817", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd364750-6149-5a8f-a73e-134bdb6f999a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6912547-ea3b-5b01-9e1c-458219629795", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46882413-4ca3-55aa-8c8d-d33645f0eb16", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.1.5.RELEASE-tuxcare.1" } ] }