{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5a0d00bd-031c-5ec2-9067-1c394926d653", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "4.2.9.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:92840acc-b78a-5cc5-96a5-76e42c2d3851", "id": "CVE-2016-1000027", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2016-1000027 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test. It is not a patchable flaw but an inherent risk of Java serialization. It is recommended not exposing HTTP Invoker endpoints to untrusted clients; if such exposure is absent, no further action is required" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba48b283-8f6f-5243-8cc9-0000e1284a7d", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04a70891-c8a9-52cb-8fec-cbb490e060ef", "id": "CVE-2018-1257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1257 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e129aa91-9231-5b5f-9694-524f06c7b64d", "id": "CVE-2018-1270", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1270 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66814a5b-3792-5c51-95ff-25a497957ce0", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:897084e5-5717-52f2-9b30-4e5c2a594b26", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b50fc69a-42cb-52e3-8091-0f98420d56bd", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dac20294-8ba6-5908-9320-df5bfb5a6d73", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2533d527-6de2-5ded-b8dc-1d1a8c7b967f", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a87429f8-3df3-5f0d-83d1-53c4c876dc56", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53e5616b-ad7f-54a8-a726-bf5fc8700586", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f2c52a1-fd78-53c5-968e-a104d41f31b2", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9fc4b1ba-640d-5f25-a74c-db6151ed86f9", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1687cc2-bffe-5abe-929d-a8b0da71a526", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fdbf89b-7f17-5ba1-8f99-013311972f03", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c4cbaf1-5ef7-51f1-b76c-1bdf0dc386e2", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a39b002-6d20-5a9d-a6ce-3b437dd5a950", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f7db724-64a2-5b0a-875d-07b687b5f404", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9f6bba1-7a11-56e0-a18f-4371bad6c5d3", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d302538-c562-5f3a-982a-18362f6fc01f", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a417255-29fa-5f4c-93cd-ca0a1f91b001", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5b0a2f7d-25e4-574f-877f-5c3cc9bda9ac", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3fbcad3-756c-5695-a7ae-9ab8bdc3581a", "id": "CVE-2024-38809", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-38809 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test. No ReDoS vulnerability: ETAG_HEADER_VALUE_PATTERN regex is not used in this version (introduced in 4.3.30)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a11573d-5e55-5acd-abe8-eb9cf703ca1f", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de2f0837-6319-576b-ac4b-48b14d01541d", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1bb02450-fb91-5cfb-9dee-5ecea1878087", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b4d5acf-a929-5f0e-9811-515977a3c67e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6799a30e-11d1-5b2a-a913-d93b62ddfe5b", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c3a1fc2-952c-55fa-a104-c6cc4a8028e6", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f7623609-e73e-5751-9b4c-4e5a761be2cc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e544729a-4837-573f-82bf-f00cb7c4ae63", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5bb3efb-82e7-583f-a7cf-6df0e6be9c44", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:018497a6-7ef8-5ef3-97c6-ae9d566f883c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d4f03914-0b96-51b3-a9ed-6a7fbb994dcc", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:767e2151-ae72-5d83-925f-c5b4f30bea43", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06c1a493-ce2e-593e-8dbe-ea56ad2f2858", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe65f01b-ada8-528f-a77a-ed819bb82a10", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e683ea72-1570-500c-b9b6-d08e4b5bb7d8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d17281cd-f569-5fc3-9bb5-8f852b1ea970", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3bd19827-c156-5400-b563-8bbf54086928", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2bc4d3fa-956c-5ac6-8b34-77e459781c48", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93989594-5b78-50a5-b46b-896cc7d34c57", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test. not_affected \u2014 Spring Framework 4.2.9.RELEASE-tuxcare.3 is NOT AFFECTED by CVE-2026-41853. While the target version does process multipart requests, the specific vulnerable code path that enables multipart request smuggling appears to be tied to architectural changes introduced in Spring Framework 5.3.0+. The target version (4.2.9) predates these changes and uses a fundamentally different architecture." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ca32249-2ef5-5cec-9e8d-8cbc9ca19f88", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.2.9.RELEASE-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@4.2.9.RELEASE-tuxcare.4" } ] }