{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:427c2b05-ff4a-5bf2-b39f-609201044c0a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:80f29da1-9630-5913-ad12-08eb97f86c4d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fbfeb8d-e7de-59a6-b802-8948bbf52271", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1afb23b-c095-5896-801d-ddc848cd1b8e", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:014143a1-8d0f-504f-afb9-8edcb12f9f10", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cd0d80a-d1a8-5b45-a8af-955ce437d4f5", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39b36f59-10bf-581c-a4cc-7804c9b1ea2c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:460451dd-d7a1-5507-b947-4299a3a308f1", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:257e7b74-0cc2-51b2-80e0-3b1ee2f00d6d", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fff5078-7f99-5937-bfc9-a415e5b76e1b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77e6b70d-98be-5079-985f-24a231b634ac", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:639ebf9e-9b71-5177-97b9-d45b498cdf16", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acd41297-fef9-5243-b2cc-3edd7e64fa38", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49ebcc6f-9de4-58a3-8574-6ff0cfa3438c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc8ac610-e436-57cc-b3d3-80ffedfaa53e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fa4e01a-4885-5990-9ae2-7a99a8918d13", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44841ccf-de31-5d7b-b2ed-e6c19d4354fa", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-aop 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd4bb46c-e627-5f6a-bb50-a88829c0a2aa", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:872f7b07-0639-5020-b782-eb23e882f2ed", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5ea56b3-e524-50ff-9d45-682c3676dbf6", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f432be1-78b0-5804-a4c2-e2f43fe28b15", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5bc52bb-61ca-58a1-a9c8-030837571fad", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9802dee1-749a-581d-8421-d52a985670d5", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81160bcc-f146-54f2-8f98-c22772a9a7f1", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9c2485c-d40c-59c1-89bd-b5df18e06675", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e812575-94b8-5121-bb0f-dc730d805e21", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6b24a2b-f015-5db2-ac60-2bedee1a5052", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4c28311-7f01-53a7-9e90-d7fbe6a10e66", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e90d75cd-6509-573d-9c33-402d17311396", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acc64524-f107-51fb-9491-d5071a275eb3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79d7804b-e89c-5f5d-bc22-5993f6481e4a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:356fa15f-75ab-5271-b4d1-d7d12b199286", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c618a4e8-f1be-5ba1-ad22-ebf3b71f0b47", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2908682c-520e-537d-9759-62cf30a9b88d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6430b612-697a-5056-bb36-ef26de5902b3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c3bd1d0-cbbe-512d-b9cc-afcedf39a882", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edff7a90-04b4-551f-b8e9-1ef835335ade", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63790bdc-212b-5d4a-a3d7-1250be79eab6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c78fa566-e83e-5989-9d57-3120618325fc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4015d3ff-3027-5c9a-8889-89fb0537860f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cdfcdb9-7eba-5324-90bd-28ab04b5c237", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbcebec5-100b-5950-b309-8a9c36426baa", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17bf52c3-fd32-576f-bfb8-df87a6e9d43b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.1.20.RELEASE-tuxcare.2" } ] }