{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:da458a5d-32e8-5bda-a774-dac3766ec046", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f331a38e-72e3-528d-a3b2-2794302fa17d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9d8da7a-20f7-53ad-a682-2e1cb5090761", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1d4a169-cb60-5299-a5ec-0f7336252c68", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4eaa1f0b-eda3-54ff-b840-8ccbfa9e8fde", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7181012-8359-51b4-b897-852c9615ec45", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f61e1b6-6bae-56b3-a57b-7ca842ac39d5", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2581d94-49bf-5401-92fa-fcfe4198075e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd747e35-9b92-54ad-9fe7-bdf07a94a20e", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:525d8a87-8b49-5c9e-b386-72f16899a504", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42e3f23a-0c73-5327-bb6a-18f555399fa5", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b098b0a6-0af9-5485-a62d-b31542a1c666", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef8cb784-7c3a-51c1-975f-03394b5ae4d7", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:353b2300-8593-5813-90c8-168a9a174306", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6cd8a2ac-f0ba-5004-bac0-a83db7511f38", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4848d2ec-b560-55bb-8c66-ef7031bf81ce", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3fab3ee-7b10-58c9-a45a-9838e18aaa19", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-context-indexer 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0034241e-e245-5bb2-ba44-e463e2484494", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21296146-8761-559f-a8f3-95c418a4d6f7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f20c32f-dbac-5da5-a170-19bd550ea625", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd1be702-e5ba-555a-97fc-3ca8c7e525f8", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7da990f6-ae03-5110-8fe7-d9c01e6efbdf", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b295eb44-f88d-58eb-b4f1-a59bc231ed7a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fbbbd778-e8b7-57ba-87b8-54954d2751e4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dddc739f-8310-50c4-8a46-998963c4e21f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6455a6c5-1c7a-5fc6-b54a-83d20b13fba9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:725ce4d9-1946-57a2-b454-25731b13ef27", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f935955a-8e47-59c2-9b75-9ebd018c88d0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cecaed9f-8795-5f6b-af25-c6523947ad11", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a5b2c04-9a20-5843-a0a6-8236f0742eb7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e7187e7-6d1e-5f2d-bb91-adda4c7b892f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6320fbe0-9687-59bc-b237-424c71f6969e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bef1149f-2b32-5543-be14-eb47b6e69bd4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd979dde-74bd-5cda-b308-0a7a6ca9f88f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a2eeade-a165-531a-8721-96a7e07ad235", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55affc56-780d-52d8-a75d-3c12d1f9cb2f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22dd3283-976b-5d64-b6cc-3691c74194ea", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a851478f-d37e-5169-84e7-b505cbc62cbb", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a33ebb89-16e3-5f93-97f3-b4c3c8fc6e9b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5f402f6-7141-566c-8cb7-ff93aa1b3b27", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb5897d3-ae8d-5218-bd1f-213def88992e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96aa9ff7-3aeb-5419-a39f-65a369837791", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6de26325-019a-556e-909b-4e1d01b45efa", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.1.20.RELEASE-tuxcare.2" } ] }