{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6efe042a-783e-5a84-8f82-e8cefd5781bb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "4.2.9.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6cee1fc6-26cb-5cdf-b816-193c77daf470", "id": "CVE-2016-1000027", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2016-1000027 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support. It is not a patchable flaw but an inherent risk of Java serialization. It is recommended not exposing HTTP Invoker endpoints to untrusted clients; if such exposure is absent, no further action is required" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abaee117-0388-5217-bfa8-493892c34ecc", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07dcd2fc-4706-5e9e-96b8-6fabd90eea41", "id": "CVE-2018-1257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1257 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02706a7b-572e-5e66-b4ca-c3c673204f75", "id": "CVE-2018-1270", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1270 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8fcd2f22-a076-598b-9c5a-49ce8806f197", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03cfb9df-fbc9-5325-a871-9643c2d2ae0a", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b72805d1-d34d-5b9c-92ab-990e4a997b82", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d2926fd-dfaa-5302-8540-78ddb12ca607", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5b93b326-a0a1-5c99-8c12-99e153143763", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:533c5fe6-195e-5c8c-881f-83ea0947392c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a25866fc-585d-5cbd-8d86-c89546bfdc31", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04a4041e-406b-5750-a2c2-cebe3f8912ad", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:325b870f-7e01-5229-ad90-b3ef8ebb750d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d99d2d0d-848c-50e4-8a39-eb610f531e83", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:867243a0-983e-5d58-ba1e-6ca3e8e882f3", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2032411c-c87d-5dfb-afbf-b03bbb618a3c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a97aa6b5-004b-56ba-a66b-a425a53dee24", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:072d73bf-0a1b-5a11-9dfd-ff0aa63286d4", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff5816d9-2302-5d39-a090-e4de00e51d02", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fab9dcd6-5334-54f1-b716-4ba9f593ef17", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbaabe5f-5dc9-5e08-931d-97519a6079e9", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:813bca86-b944-5209-a1ca-c9df6e33d4e0", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8e6be66-535a-52d9-9f92-1e830c13b4a3", "id": "CVE-2024-38809", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-38809 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support. No ReDoS vulnerability: ETAG_HEADER_VALUE_PATTERN regex is not used in this version (introduced in 4.3.30)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:126c4407-2c7e-5d7a-8577-20edecfb62fd", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7b455cbc-4bf9-5ec5-ba6b-0df382f0dce4", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aad4cd79-e491-56e2-8e54-aba235406977", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dbc2fc42-80fa-594f-b199-cad1a8a2371f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ce1b2fa-f0e3-5cad-b37a-59af857121c4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d4cfe6f-fdd1-5dc0-8f74-0931532c3ab6", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63638a3a-7860-57a9-9b94-6347c38c9732", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f18ae48c-a6b0-5f80-8dcc-66bb88016a9c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b65b8bd9-af78-507b-8896-54a3bb7b91d2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87331c72-56c9-5917-94dc-29310a99d518", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae69d553-e6d5-5731-8563-90aae8efc996", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:792c7951-5e4e-55fa-bf9e-18ad10b5aaa9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9e860bb-22e3-5f9b-a9c9-d8152d2ca63b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac2c954b-0875-5aa1-b75c-8f455bec77cd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:831bc3b9-79b8-56d3-b6ec-70e2583c7bc8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a91c061e-89bc-5495-9ba3-9c40f82c331b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4621430-4aed-53ea-884a-9ad9239378de", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eba86ea4-2f33-5226-9a76-0d5a5e6a8a44", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08249e81-ac6b-5a58-85e4-1f774780d33d", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support. not_affected \u2014 Spring Framework 4.2.9.RELEASE-tuxcare.3 is NOT AFFECTED by CVE-2026-41853. While the target version does process multipart requests, the specific vulnerable code path that enables multipart request smuggling appears to be tied to architectural changes introduced in Spring Framework 5.3.0+. The target version (4.2.9) predates these changes and uses a fundamentally different architecture." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5e73fc8-e561-5bd7-a80e-6261eb7980cc", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.2.9.RELEASE-tuxcare.4" } ] }