{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aa6c8207-6460-5084-ae40-5ae476496ca3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "4.2.9.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:49cdef44-7068-50b6-9c59-016de5e0f0cb", "id": "CVE-2016-1000027", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2016-1000027 does not affect version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context. It is not a patchable flaw but an inherent risk of Java serialization. It is recommended not exposing HTTP Invoker endpoints to untrusted clients; if such exposure is absent, no further action is required" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7bd3acad-4da8-5739-bcae-14226c58a233", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fed0c1d5-1a78-56c7-9791-c335d500cc6f", "id": "CVE-2018-1257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1257 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b901929-8521-550b-96bb-a48cdaccf9f1", "id": "CVE-2018-1270", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1270 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8e09182-6e16-5341-b232-b764177c421a", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ad4831c-e338-5c59-9a8d-ab0a372706ff", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:727f3121-fe22-59ee-ae1e-7544dd18c3b9", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da7dcbd5-2a80-5123-8428-dd7950817e34", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd9d9c2c-2b7c-5ae9-a189-a106d0952c93", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce9747dd-10af-5552-8dda-a9c4a2b77090", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ae7efd3-7fa9-5634-9cf4-9d9e36e41e88", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec714bc7-8e46-55b2-966a-744dbd6b7b5e", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f901951-91b0-5793-b5e4-d09e6918690e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:848f2d0d-511f-5fb9-af16-62255325b166", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfc04e28-9436-5da6-ad5e-baea7babfbcd", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:379fcb34-e477-5109-9506-30f60180a1f3", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab9160f1-5429-5c0b-a016-e5923310cad8", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6107b835-3317-54b7-b9ba-4594b5eae471", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a255cb20-dcee-51fc-9d54-b58fc38c774d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c38bbb09-fa43-547c-8980-aaad351b3f4d", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eab4eb52-fbd0-5e96-a82c-71d8e8dd36c4", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0537c39-9370-5617-8497-6e3887b1b8c2", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f7c97a7-e395-5562-a6e7-f2367c4d3f15", "id": "CVE-2024-38809", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-38809 does not affect version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context. No ReDoS vulnerability: ETAG_HEADER_VALUE_PATTERN regex is not used in this version (introduced in 4.3.30)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd109008-b83a-5eac-a6fb-f84e978cce1a", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48f5666a-3650-5aa3-8948-7f89817d581b", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3220d586-1c13-58f4-b761-12fbac007826", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:774b3eea-2004-559d-af02-56118d41a2bf", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6960db9-7b4f-5520-80ac-2ff060035932", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d8fb1844-4a67-5216-91b9-343238ff1a1f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f716a6fd-0264-5561-862f-496862d8ea3c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04300cad-0a98-50b4-adb1-7ad4f9f4f6d3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c59c0a6-90cf-5bd8-bc7f-f10a6ea3b9c6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74363248-1319-5844-82d8-bedb3a1d2298", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6661bc48-c11a-5254-ab2c-fc1c0c1a6696", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f08dc8b7-b758-567b-a25f-798bae107fde", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5ca099f-f2ab-52e3-b580-3a34d6122df5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c132f77b-f152-5480-b8f9-425df45f1394", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:713202ea-d988-5b2c-9364-13fd4f951f8b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3888249f-52e1-5607-a28e-f7bf50fd2757", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4fdfa6d-5ec8-5b1a-b7eb-e1c00d33a323", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:851dbc9f-4266-5979-a266-259b7b8b307e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f64aed9-5dfb-5b54-8280-a5a66e55e545", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context. not_affected \u2014 Spring Framework 4.2.9.RELEASE-tuxcare.3 is NOT AFFECTED by CVE-2026-41853. While the target version does process multipart requests, the specific vulnerable code path that enables multipart request smuggling appears to be tied to architectural changes introduced in Spring Framework 5.3.0+. The target version (4.2.9) predates these changes and uses a fundamentally different architecture." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9915fb1-d2aa-5035-9584-5240a6cfe1d0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.2.9.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@4.2.9.RELEASE-tuxcare.3" } ] }