{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a7dc4039-e1c8-5bea-9dbb-4ba4d398cf7c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8cade73f-e44f-5a00-938f-82d4f6f107d8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2aabcbbc-3a93-56b3-8843-fd7a378442bf", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8506f7d7-c05b-5a5e-8a97-05e050d69bd6", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2eb6e52f-a5b7-5780-abe0-017784ca43d6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ee9e351-42bd-516a-b3fb-9be7b69f6387", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc6e81c4-1c92-540f-b2b1-247292853bde", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e4f638a-fed4-54ab-994d-e685c6e1d8c2", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5f2567d-4f26-5503-8efe-3eac978f69e8", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7bc0bf01-cb6f-5d03-8729-c5f69d78930a", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80d5c72e-0838-5f34-ba3b-23e0ff748218", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:940819cc-ee0c-5913-a217-59320fb8b106", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8245142f-1b86-5da5-bfbb-4f5cfade1c64", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1b815a4-94ef-5c6d-b5bc-68ec507aab47", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a46c125-e6f1-5c6a-ae8a-cd0e1a4c83b8", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3adf97ad-7001-5b4a-8b16-b2c24b5eaf56", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21c33326-d120-5887-a2ea-da3ef90e4dea", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-core 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8aa5ba54-a74e-5f62-9ffa-4de50d992059", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc2b598e-84e6-5560-b208-0800c0cf9f38", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0bc6cf7a-21b5-566a-94c0-466a97d41564", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b16c27c3-e90a-5b53-b0db-160f97a8d7e4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2041793-64bd-5a85-b78e-50b3224ce3ce", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0d11a67-af1d-53c8-9471-54072385abc3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:644e5d29-de4f-53d9-9c7a-4b41384c391e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56d1bede-75a2-5ba5-9361-5a61e4a798ee", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31827fca-38d2-57b7-a3af-84c03d25ce64", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f305f0c6-0f94-5d5c-b861-613805eefa1d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8b940db-d2ea-5a09-9449-b6d93951056c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77cf4cdb-46b5-5bba-8251-2edacc11f0b5", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d7c6a1cc-2cea-55eb-a7f8-f67816338724", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f17ecf1-24d2-54e9-a738-69ed80cf2604", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be1a83d4-081d-5897-880b-97ef1e10b7d1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c19b042-14fe-51b8-970d-5a0048aa78bf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73ad2460-246c-50b1-99e4-691cd7a920d4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bec7b12-2817-52ce-a76a-24c84d244941", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0088c210-abb0-5718-ae62-26908264c3db", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b557922e-597f-5202-9cb7-5a84790d112b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d86b59f-652a-5e25-9d74-67c138c8b9a6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae15727a-f2b2-51b9-bcad-b9d57a75f8bd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:081ffd7f-92ec-5b72-b26d-3e2c11ece8ad", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08ea07bb-ad12-5e93-bc8f-23b2c3b1ea09", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c60504e-a06a-50fa-ba7d-cfb8a2553cb2", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31ed4eee-b2d6-51c5-b262-e7d4ecba90a1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.1.20.RELEASE-tuxcare.2" } ] }