{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c8836cf9-60b4-51a1-b2c3-89086430a9f6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:20ddb477-6475-5695-991f-d0c7ed9f0cc8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99596e95-0d91-5f71-a7a7-9705d8acd68e", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bef5bd2b-5d77-5250-ab5b-c147979bfec1", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed53857a-5243-5396-8544-79a960abcd62", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84a1c2cf-2444-56c1-9050-5cbf4b68c59f", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3a807e0-0111-5465-80c2-63b312bb3d23", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ab15c4a-9d98-59f0-8517-4ce18d231ac0", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7df2b81-c437-558a-a8a5-535965c770f4", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cae413c-e18d-55d2-9fe3-0bcc3b342992", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:147502ab-878b-563c-8265-825ad56b62fa", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59299248-ae78-547f-9550-4b8d9ff34bce", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c3a75b5-00dd-5604-97ec-84487ee59957", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3771ee6-0ba4-5d35-9068-c8407b1f7175", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:309d950b-d090-5004-802c-b635c1dbfeb5", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18766368-b67c-5f09-9bb6-25ff74bd8408", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acdc955c-228a-5b98-aa07-0a76b1abf7fd", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-context-support 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ccbbc33c-e856-592d-b64b-bea76af37e0e", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b12ebdb1-c2a3-57c6-8e70-0838acfbace1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b12c825b-d24c-5e28-8caa-18657fae136f", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf364741-0184-5588-8f61-3a2b68188eb6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0578808-976e-5a36-81e3-cbc28da11fe1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:825dd8e4-0499-5073-824c-08820972c090", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40a7c0c5-c6dc-5433-840d-2fe7be06c185", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27544600-94ac-5f62-818f-365d21883eb0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac1ddc54-ca92-5540-b93f-e148c6c5c74e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e627d83-e9ab-5ec3-adff-3e0de0755c5a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:241d64c7-bb7e-5521-9e69-fc7d73088fed", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8be1a641-a14a-57c0-b76d-2f80795516e0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb0779e2-a161-5e3c-ae91-45523febdc6a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29070ceb-d6f0-5c50-987d-86197b12e643", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdcf57f7-8fa7-5bd2-9be3-de267bda23e2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7d278ac-68c8-5e1f-aa9e-7acc7023f792", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f9ab2fd-144f-5f16-bcf9-4745b5aeccfa", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1bca7fa3-afae-59de-88ae-1cdfaeb55687", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f7f44fe-87c5-54cd-9f58-8d2e3ab1c5db", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25c3de54-3434-5aeb-83a5-ab27c6949f01", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89a3afc2-6cca-5279-b094-14c2cb7e88f2", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb59a5ac-6873-525e-b3f7-6526d34d7e36", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d97f4b10-3280-578b-9538-f0e365565992", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b84dd698-3562-5536-8dfe-e85cf01e9f3f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71599fb4-b2de-5b38-9c8c-6b33316c8ff5", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9aed8910-b440-56b3-b6e7-e91833e6f1cd", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.1.20.RELEASE-tuxcare.2" } ] }