{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5422a1b9-dcba-5662-8eaf-202509e57835", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.2.13.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:236fd98a-46cc-5674-a488-b1c95ad17b59", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:641d1011-870f-5bd0-ab26-406e00d71595", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4eeb8400-4d76-5762-bbd8-112880288252", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6dbb08f0-d1d5-5b4d-902e-a656f8797374", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f70e59e9-3021-5a7d-a73a-559ac72bbd94", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2918114-a282-5bcf-9f4a-a2559d287f51", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40979c06-58e6-5e85-bdb6-dcba99a17fd7", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c8c34cd-f46e-58a3-9b9b-00b1133ca4a8", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e72f5bc-dddd-5e4e-8056-65e52965b4c4", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:94a98f70-cf1e-5854-bbdf-88b685326796", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11935a3b-41c9-552d-accf-b3d367fe4667", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02e07c0d-6eb6-5351-9e11-893831450dbc", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:70d02dbe-062a-514e-a037-c845d5b0769b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57492299-91b2-5221-8530-ad63b69e8bbc", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfd50d9b-f737-5c1c-9832-22b08e7e1530", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:840054fb-dc61-50f6-99a2-5da8757caa22", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb4cf18d-0609-5131-92e0-eb82521905fe", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03a7fb54-c2be-5f12-8cbe-a0fd414fdc6a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2e7a887-f7e0-58fb-beb3-5b6ff6568c63", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0ed49dbb-d7b3-5a73-9c28-3ad832f77b87", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4121e5cc-d530-5112-8281-107961f4ccaf", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5899fb5-f27f-5695-b729-d41d82c985a8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0be32c42-711d-5bbd-baa1-94f218fcf77f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:822964d4-5b04-5aec-a60f-5221537eb8b3", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f11bee3-8c58-5c1f-9c17-7f076f0cb2fa", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:96b8cc32-2efe-5b75-b49a-585aafedeb54", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba0d6a6c-4f23-5248-975b-a317e970da73", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4b7cb539-a5e4-5324-b28e-c93899b0a760", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71d394cb-9424-53bf-9f35-0f6097573be9", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b466d2c-aee0-5e6c-8a53-b876714b5834", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfc68adf-9346-555a-8e20-5bc7f5c9b89e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f4cd34c-4d0c-5822-83a1-a08e92750600", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e00b7b63-cff2-501e-8fa7-5cb3dfbf0127", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09009a59-f153-5369-abc1-28436097edb3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1ca836e5-b083-5c57-b815-ab9756121b91", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c790208-5643-5241-8f9a-255bd29ebd18", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f48ffcda-a8af-5ba5-98bb-79b22f26df5b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74c38e2c-7d22-5a68-9019-fdf3493c4d01", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3a18048-9b36-5739-bea7-7aabf6941144", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f100907f-ab37-5fe0-924e-800a2c25b2ae", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:077c98e0-68e0-5326-910b-4af2ac67ce9f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9cacfe75-8a73-5c8d-a2e3-82bf3e701cc0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:14d73edf-9a26-56fb-b829-ddc3fcbabce6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.2.13.RELEASE-tuxcare.4" } ] }