{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5659f38f-8c15-5bc7-8993-9c69b19d092e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fe019b21-0288-541c-a755-7c95b08eafe0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81216155-649a-5ed5-bfee-874c99373105", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9c7ed67-f093-5d24-8d84-5786b8cad469", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5626f8e8-c530-5b6e-b8c0-47bded62e8cc", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9171168f-3197-50fc-b195-c9bac2f9ec70", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bca77e1a-cda9-5120-b3bf-34580daf399c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dab422b9-2fa3-5fdb-b657-d0af7a5c5e56", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c8f66ce-5e50-5791-80a2-99e80fbee53c", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23f40da2-2dcc-5c5b-b1de-1fd289399140", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:faa04050-e99e-57a7-b7c3-2cf38aa00f29", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47295329-563d-5581-a572-938224cbb74f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a98cef12-16ec-595e-a9b3-02ef6b9c1185", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49850fb4-4930-5680-af66-ef31f179d7a4", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:370e838c-4484-56f8-bb3e-618ef15f7ecf", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89960aa6-ae92-5820-9dc0-5f7459f8d6c5", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9fac6927-1c04-5671-907e-6d89059b87bb", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-jcl 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8b66f33-bae7-50a1-930a-128e560ef01a", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76c37dde-a225-5754-a5c0-bac036078a16", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:279cea8d-4102-53ad-b3be-52ee399bda22", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f3d7fb5-0a71-54da-ba03-a2b1f39285b1", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bcf576d-c6b7-57c7-ae16-3edf5585feec", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:660c8d3a-3f18-5bd3-b0ac-b87f8897dcb9", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee8008b5-b9fd-5821-b500-559b97d2a817", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04655014-15bd-5d94-bcc0-b089df0567ee", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:574bd10a-ca1c-55a1-8046-57564f714249", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e3fe0ec-d64f-5ec4-9b9e-3fba484f40b9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36c45dda-7c1a-5b20-85ed-88a2958a5ced", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5e6e65f-3a39-54b0-9e28-a892798e109a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4e24153-d4fe-5d7b-95d6-6ee90794926c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4333bbcd-4fb9-5ef1-aa39-279da6985e3b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec4c7523-88db-5ab3-bcc8-f7dee8926818", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4332be2-72aa-5dc5-9fcf-24ba7610547b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:afa00d01-c29c-5c14-bbe9-25e7257d1e5f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cec50f31-44ac-5a07-bc65-577a8783c17a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3dbff80-6102-5476-a253-f5e40dced7b6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07fec5d3-cc05-587a-9bb2-029244ee98d4", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:867b2b8b-8c01-588b-b57a-7dfa744e2374", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4189c99-88ea-5a12-8201-0e3034fec657", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36d6b0ea-3f04-5c5d-884a-1bf7915c3948", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75ace0ed-154c-506a-94c4-c85afea9e103", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e96f8f5b-c7d7-522e-b129-a244e37ae4b3", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74ba6ac6-3a94-5982-bf06-469530662cec", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.1.20.RELEASE-tuxcare.2" } ] }