{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1402d3cf-5e15-5ed7-8e0c-c83778f01a1d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8c692ae2-0741-5064-a75c-a78c3c473116", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd3314f7-84a6-5982-9c95-8dc3c8126bfc", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df728b46-ac3f-5819-b169-7d430f491a0b", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3607f1ef-81ed-54fd-a75b-d9a5cd04b638", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b49b20f-7881-5029-9d00-aabf0cb17315", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:941b2023-d7e3-5cdd-a435-04ce7dbfd76f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:488d04e0-a7e3-5acf-8d11-1e178c492344", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b41d19f0-e735-5029-a018-4e5939bc8d7c", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46a98c90-2c12-55b8-9f0d-362ab3c33c50", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca64d6d2-9671-513a-9c02-7f4fd214acc0", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:327fb313-4bd0-59f2-9218-c8ed4c8a3867", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:baedde99-3891-5362-8744-2dad81146e99", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:650ae6c2-49f3-5c06-9c96-6e6c6ee7a8b6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:981221d7-29c3-566c-b88e-523856649ab1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a12e5a2-aea8-555d-9b04-e70e34fa16c9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d9e6f64-598b-571b-8af8-1d675972855b", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-beans 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2eb1ba4c-b4e7-55da-90ba-1007280ace8b", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e900d18-f6cb-5a06-b93d-de43f089ef4c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88eb92ae-8155-57d3-ba66-3c45120acec6", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5abc4cb7-b75d-579f-9190-cb3033f65e58", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2897b21-e3c9-50d8-b53a-e854080bff38", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e678f24f-0c74-5a39-ae25-e89f34778597", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e82033b-651c-5db9-95df-a88af6d97b5e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26fbe27d-beb0-54d7-91dd-ca52b36b2f16", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5f7f1a9-d982-59bc-84de-372a9c1401be", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03a140a3-8b6a-5e05-8bd6-6ce30b6aaf61", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27fe00fc-21aa-5dd7-9dcd-67765402999e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf256382-5d08-5016-9789-0d5bae3975a9", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f851a685-1432-526f-85c8-e3611cafa972", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8497685-53cf-5d67-98d0-cff66a778c7f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e42b638-6382-53d1-bc64-c4d5b348c8aa", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f65a0fc-ae01-581a-b007-dc65e5c0e2d1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b11744c-2ff4-5a8f-9d3c-074a1a3c918b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef6a3027-103f-5d10-be1d-873a2dce756d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72a3bbab-a39f-5172-9361-4ce47145a351", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea3e3556-d321-5d73-94ef-6be320c4657c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:240ad04d-9af0-5a87-8842-e820e9d19abe", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e105305-b2a3-5a04-8fde-839ad13cb32e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00ff891e-5bc9-576d-8f35-e06be7d7b9cd", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:855864cc-e582-592e-be05-5dda3029990f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1c6242c-e514-5c28-b2d3-f22e507cc06a", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e86771a4-642d-5a1b-8896-b2ff7f98abce", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.1.20.RELEASE-tuxcare.2" } ] }