{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2d1d8f33-7d8b-5d3d-bfa7-902eff366ab8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1bd8660a-2299-5c54-a33a-9c63fe971984", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34bc958a-b3b1-535d-b7b4-e48c75782436", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95ea584f-adc0-50ed-8a7e-6302dfc966a1", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d386f210-ae0a-570d-a159-a433d1c1844b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c845f78-81dc-5ff9-aaef-3150dc40acb9", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70edf1ed-0ed8-5959-898b-57554d1cf98e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1445b8b8-e1f5-5115-b29d-56b3623bed3f", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1664cc9-b5cf-5e6b-897f-757e7692403f", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e516dd2-50ad-5577-8907-8737413379c0", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e27e058-8343-5d9b-b17d-6d6fb074fb4b", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4c2b24f-6556-5e34-b66c-7751c2b48236", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57cb710f-5fa9-543e-b897-e84c428eb992", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ac380ca-4034-5583-a832-8949cbc8902b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d8ee63c-3e49-5aed-ad6d-2b9c86a09f43", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc2a5c4e-29b3-5620-9a43-3276ff4784a7", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31dff503-a070-5d9a-95de-b16ecf07ea4a", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-framework-bom 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63a4e341-96b7-5d20-beb8-b97c5ad42668", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90b37de1-329a-5f64-8e62-856332c61724", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e6b86c1-9dbc-5b16-92df-0061d0720d9d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:729ad244-735a-53a5-8a5d-3d59ad5c0002", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c296076f-a91f-535d-8586-037a2c2a640c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1985a487-127d-59b8-82b3-7d13f42c25c3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1efd9495-3b03-5226-bd88-8ba8b904f5ab", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f14d8907-6cb1-5165-893c-9637215cbba3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41e154cf-79fc-5ae6-8ed1-e9ba0023782d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6942bbcc-2579-50ae-b0d8-59a738e9a773", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee66dbcc-9386-5a06-8394-01b99898e83f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25f995b2-5b4f-5b06-a3c0-b0fe33b96e4f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff78e231-c618-5826-a505-03dbe3698d8d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31d84aa4-ddaa-5b1d-8b5c-d15295841f7d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6edb74f6-7dbe-52d4-baf9-0517638285d7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5ebd311-5d80-557d-98a1-29c9dd9d1f9a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e68915a4-49da-5482-9ac2-8ffa7a2269fc", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4dde3bb9-c82c-5372-8aab-63322cd7f5a2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c75e3897-9b41-5a17-8a09-276199fbd743", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f9db9dd-fc4e-5f58-81fb-23e6b741a706", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e62b72b6-d059-512e-abcc-7de59f671dc7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0067a05-71f7-5415-99d0-c92a2aeb8279", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a14e17c5-3f38-5cf2-8061-272e85364607", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f3c27b6-304c-5339-8aa5-7613822e578c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b0c12ff-e473-52b4-bea0-538bd6aee734", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e764d32f-352f-5398-9d10-7fdc75afb914", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.1.20.RELEASE-tuxcare.2" } ] }