{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d67d9bf3-12bd-54fa-9623-603d765bfd24", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f2a52a94-705a-5f96-b245-cfffbc368932", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d4e6922-5802-59dc-b94a-8dec459e0180", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fec5c38-e176-57b1-8948-39b86f15c267", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2dfece3-c153-57ac-9e96-d97e69ddcf20", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73c32e04-7797-5b5c-9eb2-14838b0f7a87", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a40c4cea-ec9e-5404-9b1f-2214abaf4b22", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69c2549b-4ce5-5ea8-853d-20bf7603c765", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aca5be7a-7fe6-51bb-95e7-6d1fd9862d63", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cdc9e9e5-8d9a-5513-bb71-6680c5fb058c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5af7a199-056a-55c2-bbb3-384e6a25af15", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1155b4da-3a18-571e-b86e-7542514e3cdc", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:347ea518-9ec3-5bfd-bcc5-a7d1ed0745b1", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49a74132-fd39-5c81-9f19-62b5e7fde1e6", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce03152c-042d-54c3-84b1-b47d513c87c0", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e414730-e814-5c25-a484-e86f4e255d25", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e774680-84e5-54f6-9d33-86b57fe2e54e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a040123-8433-5a70-bdda-31a6a802512c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa79f761-8c83-5610-8aa6-0f97a9e5b3ba", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b19c0b2-2375-595e-be5a-32cf6f886be2", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8c823e6-11b6-5a7e-9248-65895a1f71ed", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:863017eb-4381-56e1-ba6e-4d1f7cbfabd5", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:798c7d7a-524e-5230-abe1-65b7fb735ce2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c56d8b3-7f45-5bd1-803a-3f07addef89f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d42c38a1-7da9-51e2-8ad6-775b2dd7beec", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb5cb361-d7fa-560d-8535-f8a412798f52", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f6e9762-246b-5b5a-a3a0-5e8dc24615b8", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:630fd54b-29f8-5128-808e-87877d2fc095", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d99af4a3-7c19-54b2-8a52-71767140ada4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f7a384f-a8a8-5388-b5ff-6ea95c3f595d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f04d81d-7b21-5d1f-8f4f-56e3dfd2c93a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8768a5c3-25fc-5176-ae56-cce6ef1c1424", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:265eeff2-1e20-54ce-a278-195e83485270", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bcebd76-4736-54cb-9ae2-6cc6e23426a3", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5dd406e3-1f0c-58e9-a7f2-999b697482e0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25758fe6-4df8-5cf8-8ca3-cf368de01f89", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d9dfc1f-d07e-5590-bba5-c18b6ad0fd8b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e317f5b8-abeb-5dac-afab-3d80b9a0f228", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b305fedc-2edb-50c6-ad73-c1f7deaa235b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ede2aed-1040-56f0-95f5-b502c31e2f07", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:247f503c-335f-5ce0-a33b-8c485094d235", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d64c129-817c-5d91-ac7d-e1ee11627f5d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbe2142a-c75d-5425-aab0-561e868fe6f2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e49c0c2-56bc-54c0-9f1d-8e19a2525d32", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.1" } ] }