{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8f024a9d-4622-57f6-963e-401611491cde", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b555dc71-fafb-56fd-807b-e0f2de99a2c6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca17a8df-cec3-5e09-8b8d-98ece2c0ddeb", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbbc01cd-a651-5048-ab72-2addbe5bf4e2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adccaa2e-064d-5e24-9cf8-b917be3717a2", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:431e2a6d-5054-5c60-b3f0-64e6f2609feb", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43bee480-bea5-5acb-9c50-f71b475e384a", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cf83d2a-033c-5c47-a449-a41b0dfbbe61", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da39b60d-9b16-55c2-b2ea-5365a334bf83", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a41075a2-3a48-5964-a7e4-154183676d29", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03c819a8-db88-5e76-9c7a-ccb4fec6f391", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7530ee9e-9dfb-5b26-a6a6-94211e96a286", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e03ed828-191c-53b7-bc71-9c993aac4dfa", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bae6f93a-dc54-52c9-b429-9d4116aa4415", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b367638-ccb1-502e-a98d-3447496469a9", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f59132c-021b-57d6-a018-69c5f06fbfe8", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69cb689c-fd13-5607-b2e1-fc63102befdc", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca326078-d2ef-5439-a102-fae2e3ddb244", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed75eac1-e420-5dc4-ac49-f17dfb5c060d", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7012002a-bec8-5a05-a841-337895326516", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b3e7b2c-37ac-5a4c-8120-bd59c1858fb5", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e07b843-3788-52fe-a446-0877a1ec6170", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66714a87-4d58-5b3e-b7a7-d48ef6db857f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b0a0269-2e2b-5f7c-a3e7-1572a8e87768", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6afdafaf-3e71-5b21-9545-376310d46b13", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a14050b2-b88c-5fc0-b09b-5122088a64f8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:150ceb23-ed07-5121-b18c-2725214fed18", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd0e2f8b-f062-5150-b2af-51d79ec5465f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebbb216b-ca0c-5b64-8859-a9e175307f7e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9995178-787a-5de3-81bb-360b39ec4e00", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab881365-9cec-5cd2-bfcd-cf01c5ec4434", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d536dd9-97cd-54cf-b583-11f428f991fc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b1c21d6-618f-5bd2-93ea-cc265e03ba37", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56325a21-4796-5a7e-b636-7e4b98d86d52", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb388f5f-62cd-5e82-a70e-dc19341c7599", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81cce66d-0dc8-5db5-ad10-b9450a8312e1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3f27fa5-15c6-564b-bbde-53f7d121c808", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5199f8a9-f781-5225-a12e-0cd5837e6149", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b90a016-3987-5d35-a391-5f889e5d646e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cae88ceb-450d-59e3-9744-39127870c99a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b8d0df6-5804-571f-a2b3-40f1e3c4cee6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47931924-346a-5df2-b1f6-8256df7ed30a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05c51dbb-e338-500e-99d7-d210da182118", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b37cc71-04dd-5d7e-bf0e-3998e14bf1a6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.2.13.RELEASE-tuxcare.1" } ] }