{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1642c5cd-d517-5f78-a02d-4a8b38b593fb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:08a76c90-0f8d-583c-8b9d-e8a1b35a2b23", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb5bc593-3fd3-5ab0-9979-49622e2a8aa1", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3762f5e1-25ce-506f-b172-4e8776e81e52", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1dacf97-00fb-53b1-913a-abbf8401db7c", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dee03f4-b5ca-5c1c-ad96-50e0211b877a", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73c3c6de-fef8-5e64-baa9-b74281cf4fb6", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:521596a4-19e4-509d-9834-71e419adfcef", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f1a966c-ceff-5c85-93ab-280c1622738d", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff8c6cbf-3286-5b79-bc5e-1df896efcef6", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d499438a-1c19-5da5-83b1-8339d7149c58", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0359044-4c34-57b8-9b4b-0be094ba2cf2", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14fa8c4e-3d59-5f8f-b6ec-69207337614a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d06d19d-2b06-5759-b89d-16c3c6df4d3d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcdaf999-5fda-56ba-9016-1409cac93906", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7878d77a-1a71-5ed3-8c25-e30cf30e189d", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a770bf0f-203e-54fd-86db-9c4f5dbefa5b", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-context 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ba243e3-bee4-5089-87d7-b6c685b020cd", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2dbb2098-6150-5d10-a10e-71e0cb0f32ab", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1538a9ed-b8cc-52b5-b37e-74336b6dfbd3", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6449fcb-0ba3-5325-ab46-6d3718bdfd36", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de6f32c3-6766-5440-ad61-e96a9ff6e9ae", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fb37ae9-de00-53d8-9ca1-c50d2153dc10", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb59f9a1-5f43-541f-b3e0-d06b01708da2", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98d031e5-e36c-50b7-b4ec-68e1fcf9fb71", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e44a057-31c1-5455-8d4e-679fc3a7a428", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81248141-7cbb-5629-b92b-24b1ee0aec9d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33e7e953-1f6e-5f55-8dcb-8c446378cb4a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a353060a-7c25-5677-8371-d52a565e539f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c0b39e3-0849-50ce-8566-eca45319ec3d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87b5a1c6-fed3-551d-a924-9345b2033b41", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7babef53-81ab-5049-b0fa-e9e8404026a0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3db7808d-25a7-5a29-b4c8-b70f0cb54026", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c04660cb-5e82-5638-a61d-3e97540f66f5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6c5875e-3407-5cd7-9cf2-a993e886ba54", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f2bc884-4473-50ee-ac43-c61c7ad1ed64", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59c4c31f-83ea-50d3-9c15-39816622466e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1422e75-5d7c-511c-a1af-496600c3de43", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b96d7208-aab7-572e-91d2-aa3be8b9177b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:199d1780-e42e-5e7b-a81a-44f8b26c22de", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4282503f-e58b-5b93-b704-6f0ed78cc945", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33e63851-21e4-5f9b-8014-6a8e981e43e3", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51412d2b-81c7-555d-92a5-14775fc2e775", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.1.20.RELEASE-tuxcare.2" } ] }