{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:9d726e0c-e1d7-5299-8045-c429406ca764",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-webmvc",
      "version": "5.2.13.RELEASE-tuxcare.3",
      "purl": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:ba4aa0b5-ee23-5e54-85c9-a7494989a415",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:eda16b35-3cd6-56ca-bcc2-90aadfd4c743",
      "id": "CVE-2021-22060",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:22552fe7-94d6-527d-8847-f61eebebd29b",
      "id": "CVE-2021-22096",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5b95c16e-b232-5bdb-b77a-173de90efe55",
      "id": "CVE-2021-22118",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d6019102-2130-579f-8490-0bf8fc4f2383",
      "id": "CVE-2022-22950",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:54b230f3-003e-5027-8055-188e71a6779b",
      "id": "CVE-2022-22965",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a205ef14-6ca1-5b06-adc7-6afd922f1cd0",
      "id": "CVE-2022-22968",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:18f2d52a-0138-5362-b9f6-42fe3fd5b9a2",
      "id": "CVE-2022-22970",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8a76ed19-2538-5a18-bade-9de630da367c",
      "id": "CVE-2022-22971",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:28b80ba9-8db6-5630-b775-2702fd983b24",
      "id": "CVE-2023-20861",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0162334d-9ed6-579e-a214-83b1fb5c1274",
      "id": "CVE-2023-20863",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4e7bfc37-20d1-5e35-b147-e617ec7bd158",
      "id": "CVE-2024-22243",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e7812fb6-6b95-5b86-a4e9-5758387b3b9a",
      "id": "CVE-2024-22259",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:62423a33-3c79-5724-a8f2-43d8a8c2e03d",
      "id": "CVE-2024-22262",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:04dff8d3-6ef9-5eba-afdd-9d76abb92aea",
      "id": "CVE-2024-38808",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9e3caa2e-0d73-5dac-8020-ec2e3a1959ed",
      "id": "CVE-2024-38809",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a8fe2618-a962-5dde-a00e-d2cf151975a8",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1d92af73-33f9-5192-b189-432150cfe968",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c41b634a-5dd8-560f-bcba-7d0df429c964",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e7f876a8-e735-5820-b37a-3470be59bb45",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:39a57010-7009-5fa3-9c9e-bbdf6b13d896",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8e8d74b2-a6bf-5741-8215-69ee22a8d3fb",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ce42493f-8107-57da-abf0-7791b0060a7f",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bc4c977d-0a7d-5d65-ada8-45bf4b57a2d2",
      "id": "CVE-2026-22740",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d739905e-e9f4-5563-91b3-f27ab9181fe5",
      "id": "CVE-2026-22741",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:020e0569-bea5-5135-8b78-af9086a301f7",
      "id": "CVE-2026-22745",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:17aafd42-d55f-5fce-8a4a-d210466a7133",
      "id": "CVE-2026-41838",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4e70e9f8-aea0-5f62-8de3-5c69007bed1f",
      "id": "CVE-2026-41839",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7e1e564d-7274-55dc-b678-ba11c244e7b6",
      "id": "CVE-2026-41840",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc. Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a36b545f-0d0c-5f74-a05b-4cdcc62957e0",
      "id": "CVE-2026-41841",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2a009074-4499-5b6e-b5b1-164a3b46a9a5",
      "id": "CVE-2026-41842",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d6e5e7b5-10d5-5613-ba18-126d784787c4",
      "id": "CVE-2026-41843",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:20a6f083-6835-5896-a1fd-e6dffde32da1",
      "id": "CVE-2026-41844",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1733c6f9-199a-562d-9a13-5e927a66143f",
      "id": "CVE-2026-41845",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b6a9057c-e6be-5528-ad0c-28233b91267e",
      "id": "CVE-2026-41846",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:67f6cbc5-b25c-58bc-8e2f-51c48eb423a4",
      "id": "CVE-2026-41847",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:32144120-e398-5da6-8c10-9dd26bb01894",
      "id": "CVE-2026-41848",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ec578541-6d59-5f81-88ed-1bd441c7474f",
      "id": "CVE-2026-41849",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6e2b33b2-0a84-58c1-ab66-0d3fa2bb8ab9",
      "id": "CVE-2026-41850",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d82e2fcc-c54a-5f05-b3a7-e28ec5dc236e",
      "id": "CVE-2026-41851",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:17291ade-4ab6-55b9-bf00-324f1f8a11fc",
      "id": "CVE-2026-41852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7137e5ac-a159-5583-80ff-398134326f8c",
      "id": "CVE-2026-41853",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7e0428f4-5581-55ea-b416-028d84e2f5ee",
      "id": "CVE-2026-41855",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-webmvc@5.2.13.RELEASE-tuxcare.3"
    }
  ]
}