{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:efea2f4e-8191-5c8d-b98c-40a623216d74", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4fa19143-99cd-53e4-a67c-19c611c5c00d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f6743d7-d4c7-5e57-a15e-8731dea07985", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3cf9b61-6b56-5d68-9b22-0104935ef490", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:375f77b9-3a1b-572d-a03a-df9c5be684a4", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4158aa9-1da3-5ab8-9be3-1c6916d9d104", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64d832e4-a17c-5be3-89e7-f5260cb25218", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b8945bc-82b9-508b-b719-74edaaa23bdb", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfbb053a-a1fd-576c-82f8-b1bec8587180", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b09d464f-7ffa-5b46-99da-5b3b241c3d96", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45b6ff60-a50e-532a-8851-c8c4b8684065", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f99afb9e-cae4-5f97-9465-1375169a2e45", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba266e62-8163-5888-af8f-4d0358a4b222", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7530eb81-de82-5e44-8a42-d68efc352c83", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44de5678-de82-578e-ba3c-3df895dcb443", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e57bf28f-4c24-59c0-802a-9d33271d4e20", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26b94e0e-4d01-522b-b2c7-9193844fc97a", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-oxm 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdba09d8-0bf9-54ab-ab01-140077e2d58b", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e8d2116-6ee4-5009-bd3b-d91ab634785a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd1b3635-81bd-59bc-b52c-85e5f0e33ef4", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc8fd0be-2dbd-50dd-b5d1-0edbe3620d6c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8fa4ad8c-df93-55c6-bfce-a4341697409b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a2cb1ee-2600-5476-b97f-7552f87e7d37", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:112807c7-af1d-5048-bb2c-74852e4e432d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba3bc942-20b4-5537-bbb7-1e301e9b5efd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e60ef0f-12e5-53ce-b7cc-54c53706972e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cb00bd0-e999-52c4-8ef2-6a361cbb3ef7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edf71af4-0335-5007-b403-1f899c945415", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d1fc48c-2b13-573e-a112-3e694a4a4778", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fa77047-5608-5583-9f8f-916e00b10619", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1636ad16-fdb9-5e0f-b4cd-d27ad55435b9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4812e62b-5cdd-5df3-9dc3-de16a329e4c0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5e3c364-2fe2-524d-8519-bbf2062a0cd9", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8e54320-0098-5af9-ac0d-fa03211a2519", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adb66c88-10c1-5333-a06f-e6b4d105a03a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b741ea75-a25a-5a38-b728-5d65a32ed764", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00ecee2b-9f98-57b2-8e55-c107e851b870", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d79dbe3-5536-5421-9b92-d8d1a4b83276", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8df5333-ca3b-546f-9959-291b4b599b57", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8732528-89f1-5e31-b9db-fabea1316e1e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a3f1cfe-d178-50ef-a39c-31efbe704779", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52b009a1-7e21-5a29-b176-9ac4aab990d5", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1727bd7f-d03f-509a-b8bd-6246cd4dd145", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.2" } ] }