{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b0b51194-084b-5761-8892-094689ca7323", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3a6ded91-a026-55ec-bbbf-0fc198b31f82", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82d8d349-9ba8-54a4-a8da-5160e1f2aecb", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c805bcd9-de3f-5b5b-a369-18bb14ebc793", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d485fbb-e024-5c6d-9d97-e857e046fa6b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfdf296a-c293-5d1a-91d1-148928f83e93", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92463e8d-fb0f-5528-8f73-95a7a1ed507f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42fe59a3-5f2c-5f08-9bbb-9ea88c728ba5", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4aeb1d02-59d5-58a6-b97d-ffb18a03ccfd", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7447fa0e-f0b5-5d51-99ab-cace7c82d446", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:965fecbd-3be9-5676-bcb3-573573c97a97", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c810a0fa-26df-5407-9d6f-b87fc05dee2a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:247ca0d2-a331-5fb8-b661-b4194e4dc545", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9366a218-6f8e-5b0c-9874-a7e121779c65", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85fcc95b-3982-5c98-8b28-f5931bb8106c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d80be1b6-6d42-528d-abb2-3247c18e751b", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f03d9c94-a5c1-523b-a3bf-77534a9e735f", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-aspects 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c886f6ef-e46f-5cfb-86b7-5ef7a7130e4d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b58f1d6-ddc6-5e9d-a98b-50204abdb3bf", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af43a2fc-cc04-5691-81eb-70a2d7b35c67", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:470eae96-6c72-588a-b202-92eb8943c9a1", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3725bfaa-da4f-561a-82ae-da283a3f3f9e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d011236-ffa2-53c9-b0f2-4e5af4ab8422", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:768246c7-02ab-5e92-b637-405d2bb4341d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6182d84d-5b98-5a14-bd12-13f14b69c8ff", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ba15603-5bfe-5f7e-9856-0c9da6f5c943", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:707e60a2-5123-5cd7-b8b9-a7ed4ad6830d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5955ac9-a08d-54d7-a2ac-8bc27135fe49", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5368a1c6-e573-528e-b587-5c9d59b5325a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a0df42d-17b2-568e-ac79-725b0ae85abd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d27c1ac-f832-584e-a047-6f2578d192e8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92dc6a58-6a12-515e-bffd-7f397c004152", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfef8d99-a03f-5368-992b-0ede4b685d57", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d6916ec-dbec-525e-83fe-2fc13339bd60", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f873c73-3288-5dd9-871d-ee36bfc0faf0", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d369fb5b-f2df-5d39-beb6-2a5da339054d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:798b2ce9-b0a3-54b5-8f51-779319da171b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d994f44-ba63-529b-90b7-63e24c34869b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f8caf01-3560-5c0d-9a8c-a48a092c372a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b364128-c831-503a-b37a-f03aefe9235f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dca0fcda-236d-5b67-a3bf-fe59f8b95515", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2abf0cad-e656-5b65-b729-56f45fd452da", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b79e523b-5b81-5389-a8df-f22cf829b98a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.1.20.RELEASE-tuxcare.2" } ] }