{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:196c4d67-fccd-5026-a28b-9d8c10b14657", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "4.2.9.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3899faf9-94cc-5291-93d9-1ac670efb081", "id": "CVE-2016-1000027", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2016-1000027 does not affect version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support. It is not a patchable flaw but an inherent risk of Java serialization. It is recommended not exposing HTTP Invoker endpoints to untrusted clients; if such exposure is absent, no further action is required" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ff35b17-b5bd-5611-a8e6-fa32ed1751ab", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:664e078d-6f88-533b-9211-2bcfd2922dd6", "id": "CVE-2018-1257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1257 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dae564eb-b16e-58ac-9c94-5e3aaad57cd0", "id": "CVE-2018-1270", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1270 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f421f03-2893-5a20-a831-d170b4e5dc32", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e42c61c5-af39-5b96-9f53-a5390f331a05", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4472b4ce-e779-5ef4-bce3-01f1bb137010", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a33b98b5-ad7c-50f9-b658-365a7a2bcd85", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a609b81-2bea-51e3-877b-43549e6fccce", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f44357ea-5118-599b-a349-f66d3264f913", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:caac5bf5-71cb-5302-947d-afff5dbfac76", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf7f37af-826f-501f-b430-d9dcfee1e8cc", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d503b5a7-82b9-5600-b583-845941f11212", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e69d8a1e-bac1-588b-961a-aa3adc9ba569", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d134851c-1991-564d-bc25-fa83923fdd41", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5e67d99-c32b-5037-919d-186187fe1b6f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d33432f-2537-5626-83a7-3659f075269e", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6d0294b-ab8a-532e-a048-623a66456293", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00f5e83f-bef1-53fd-b99e-04e40f22bdae", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb99029d-b0d2-5111-b2bd-5389cc8a96dd", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8780ad56-bde3-5adc-8af7-7281c0d8fb38", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5fc5213b-0d14-5925-b0ec-e9ec11abd4b4", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4366c0e-2d27-5ea2-9524-cb4bd6ea1cfc", "id": "CVE-2024-38809", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-38809 does not affect version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support. No ReDoS vulnerability: ETAG_HEADER_VALUE_PATTERN regex is not used in this version (introduced in 4.3.30)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64bce64d-a8c8-55e8-9b83-9e27d912826f", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff3a731d-8bd7-5a6d-b039-16ba2d4c9744", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:20545535-ae27-5332-84ad-8ffa53e3ddd0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8d00ad8-5091-5307-ae25-6a739c814ef9", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b12432b8-bfd6-5440-9412-90032051a71a", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d9ddfd4-18af-5110-be48-8cb172411bc3", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c27fb49-824c-53ff-a3af-f0643ba65dd1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec5e9356-6628-5c7e-8717-42524696b0f4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc5017e5-bfeb-5a58-9ac6-a30b43986450", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e58bbb48-86f5-5733-83ab-5129d4339bde", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc4472cc-e9c8-545d-9ca8-9209a0dc376d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e138f3ef-33ad-5f05-b85e-dbd11aa98be6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6ba027f-5eda-5a04-b5b5-54308820e3f0", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be08229d-946e-5ebf-9ee9-3a33d86b3a4e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e8ec92c-66de-53b8-944c-e956f683427a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b4bc8da-8cae-5327-8496-1e8a870c131c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cbfb87e3-e3db-5869-b0a7-d9eb0c02486c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efd7c798-896e-5a8b-bdf4-740b54d55914", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b71394c-d913-54e6-b2bc-21e4c4e931ee", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support. not_affected \u2014 Spring Framework 4.2.9.RELEASE-tuxcare.3 is NOT AFFECTED by CVE-2026-41853. While the target version does process multipart requests, the specific vulnerable code path that enables multipart request smuggling appears to be tied to architectural changes introduced in Spring Framework 5.3.0+. The target version (4.2.9) predates these changes and uses a fundamentally different architecture." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e10de62-9cfb-5f55-b6a9-1b62b795a82d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.3" } ] }