{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:904a5c4a-c06d-52c5-a578-2e67112fc990", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "4.2.9.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9d3342c9-27fb-5974-9332-d581815653ff", "id": "CVE-2016-1000027", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2016-1000027 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects. It is not a patchable flaw but an inherent risk of Java serialization. It is recommended not exposing HTTP Invoker endpoints to untrusted clients; if such exposure is absent, no further action is required" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4680617e-31e8-5791-908d-34cd930dec99", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56f56990-5a2a-5576-94dc-94d36ba1927d", "id": "CVE-2018-1257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1257 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46482502-8c38-5450-8c8f-11dc77417f10", "id": "CVE-2018-1270", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1270 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c26b8dbc-7e6a-5241-8693-d7c79c3a44cf", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:54251aa2-50c8-55c6-8520-59311f0257ec", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b91b3c2b-00dc-57f7-b660-91e9d1824a17", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a3cc69b-5457-539a-bf0a-5f3c89e25f38", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff810f4a-f2fe-5c18-9dd8-492e83989f1c", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d8780ad8-e66c-56ea-bf4c-bba23b0ef7b8", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9300d59-770f-5dee-b0d5-a44b4cc86804", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:940b107f-ae5a-5c3f-b7c0-893240e1f728", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df534cd5-b714-5684-8354-3b9156e698c0", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae453b23-404c-5747-b0c0-74636aa28d5d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7fbfa86-653b-5e8b-8ad9-36452c3c8188", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb3c33e6-7dd0-55a4-9024-f7732b5f187f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f62a1350-6404-52a1-9940-866ef83a18fd", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5637075-b392-5a6b-9aab-63e48d152576", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e834477-1c39-5ac6-bfe7-a9f4d0f87159", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65d09fed-0fe5-55ae-89d8-4163f7105e18", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a205d65d-fa52-5230-bd54-167f3484a709", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04e7eb4d-4c63-5d9c-bf60-6b8d860c141e", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65387000-6464-53a3-a11d-a1fe3016540e", "id": "CVE-2024-38809", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-38809 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects. No ReDoS vulnerability: ETAG_HEADER_VALUE_PATTERN regex is not used in this version (introduced in 4.3.30)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66bbe80d-5202-5383-918d-281deacd477f", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97ea768a-4a25-5275-b31d-8f37910d1389", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a3e9d2c-9eb2-57fa-a8be-dbd382bce887", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e06cf3b6-2ee9-5c45-be38-d396296e4f2f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b22b72ae-d49d-58c0-ac8e-60eed2aaf554", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f873cf7-9d12-5914-a863-06f73d6cd558", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f53e9ae-ae02-578c-afc1-7da1743421ac", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4ea91f7-59ee-5ecd-b156-96303f25ff62", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:030c88e2-776a-562f-86b2-12ce5df12b4a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b40831f-356d-56e2-b1bf-784b34a7afa1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c219ea2-0790-5cdd-9c47-3df9165aa758", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f18ccf07-3b9f-5664-940c-345e72802122", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:23b5b14e-6a46-57be-aacf-ad65d7065381", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:769088b3-7a6c-5404-bcd9-d0e64c09ec4f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98193e6b-8326-5855-a92f-e5ef9af790e0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:baea885e-bff4-5eb5-b50d-f51b0a7d0164", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35b1de4a-440b-5d59-9b6e-4818a6a65db3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9f10420-19a3-5f97-8cd3-27f62e691d91", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:10112554-a796-5f11-98f9-0e898ded8a87", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects. not_affected \u2014 Spring Framework 4.2.9.RELEASE-tuxcare.3 is NOT AFFECTED by CVE-2026-41853. While the target version does process multipart requests, the specific vulnerable code path that enables multipart request smuggling appears to be tied to architectural changes introduced in Spring Framework 5.3.0+. The target version (4.2.9) predates these changes and uses a fundamentally different architecture." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d23e45b-7ab8-5c08-bdd5-b8de9d8b9090", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.2.9.RELEASE-tuxcare.4" } ] }