{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9229f542-9cbf-5cfb-98b6-4cdf20e8d337", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:384ffd3f-0e8a-5807-ab3f-d6e9ee20a12d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95470506-c571-5e46-aa19-f823b57963e2", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d156b2ef-0efe-5bf9-9482-7994f8401d94", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd52a209-b713-5601-99b5-78fad2a6c6bc", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:675f6e90-a898-593b-8916-05d21048917c", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6e22eee-9679-5a80-84b9-bf9251b50ee1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c7cc074-ce8f-5150-9c9a-c17187538e86", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8cd025b-3ff3-58ab-9514-f5f6cf2a3a23", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a7664bb-9442-5472-b1d9-9bda82ac6b3a", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88c20a5b-d57f-5736-b50d-9f0b96f75a70", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a5a222e-7290-5063-a09f-e1a8da49e0e1", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13e47524-b7cc-5c65-8b79-4acf9fc3127a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbb86c46-d9de-534b-b003-53ef03c9c863", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d9d8673-b724-56a1-8ce2-ee48608b6ca3", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c442940c-6132-52a7-9b7d-a17d83a2c2fa", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5abbbede-7410-55ac-96bf-cc70e7083fea", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-jdbc 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c4ea85d-7170-5f0d-8cbe-8d820a86dae8", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c66da74f-8e92-5fdf-9545-317e18910292", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:695fbe83-26dd-5b07-b049-9a9ef183a535", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b70cd6e-5bd1-582f-bfa8-eb15f008f5d6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0007eabf-ed8b-5f42-9600-e4869547d201", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dba47bf7-dcb9-590a-a3d3-71ae7ec4e088", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dacba9a3-45ee-59a7-a2ff-58c53491b19f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69ad6163-70ba-5515-b51a-d055d53496d8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae78c262-b454-54fa-83cc-508f6b4da33a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e00befc-c4ff-5ded-8c40-df3ee4f9e4f9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1baf8c98-5c4e-573a-90ed-d8f4d8b43306", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e945bb9-399b-5443-b6e8-0bd87c1abe4a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bba47407-464c-5ecb-8aff-e52890e7bece", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04a777d5-a2ce-5e13-9291-1fd2ee45300b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab6ab7b2-d10e-51d2-8a35-a3ff2e37de69", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efca2665-4b89-5f4e-8267-fc270f88b37f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:184d2592-c3a8-5857-83f3-2335412722c3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b44a7d0-e3dc-5490-a78e-17b0dcefbaeb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c3718ce-96a7-5b19-aa10-8cb0c32661ff", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:015def1d-249e-5891-8b9f-f47d53d98393", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b84db2b-b839-5766-9a3b-dbc3b3044a5b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7279b3f0-352a-503a-8241-c07582d343b3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15cac6d9-85e7-5fad-bffe-70a98fb8d30e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32f70750-1c4e-58df-9466-15af4baeec2a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85d58e5c-68e2-50ed-a18d-6a09ca98660e", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d07b535a-40b3-501f-9e20-e55dc06053e7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.1.20.RELEASE-tuxcare.2" } ] }