{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1743a419-3d58-5bdd-9d0a-9c2e9ca93806", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9ad64532-beda-54ff-afe5-d7af866f635a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9843f21-1060-5a2b-b395-0f207dbc7dc1", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb726dec-9241-5880-982d-232790336041", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcc4ae0d-c8f9-5719-b431-99e35277ad6e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6d9759e-f3ec-5385-b29d-c73ac0894003", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f26dc694-6739-57fa-bc0c-269482d5dc4f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2887e3b0-cb34-57a9-990f-8c3f3b283cef", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2954ba45-903d-5e0b-9561-d36ac9016918", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8e627c6-7b05-51cf-b7a9-43043a1c8757", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42669b61-a715-5c3d-aa0a-7398d72e5434", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86a46178-bf64-592e-adc6-069ddd0b51d0", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26f3e05b-4318-5b2b-a3a6-e91219528401", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c19a1a88-81c0-5268-ad91-19ccdab05e91", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73fd595a-34dd-5e59-b4c0-0039799161f1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1565dafd-8308-5b15-a5a3-d2d6bee983d2", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e65cd781-751b-5ac5-ac8c-d3f3792401ae", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-test 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:100e54d3-0705-500d-9943-1cf6fccb2188", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14ebbf27-51ee-5f19-9d73-662d8f620c62", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc1ea310-29e7-5082-9112-9d34fd61dc58", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4037a941-960d-5383-9a53-19289f7e22a6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be680933-dc9a-5238-b2b6-de4acbd5e981", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cae2bfe2-b26e-5506-93cb-f52fead3db98", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a5931f9-5b75-50e5-a373-73b53f285caf", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:495dfa75-a55e-50a4-862d-be8de55fa6bd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb894bc4-d003-5b11-8c5f-cee0e2c25d49", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:779294a4-981b-5abd-8831-a757aafa112b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4daeb65-536b-558c-8928-0501e0b7fcc8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d66ab152-bc1e-5a55-9f1f-7a30234e328a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3079275a-e7fb-5939-8880-43c4ce1820cf", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6689ab47-e1d2-5a9a-aa81-cd07d91069e6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8259068e-a1b1-5816-81b5-bf2f43530578", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f7e1a0c-a12b-5ccf-8cab-bd58feea0e2e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81cb3062-d34b-55f0-9e0b-686d4391c161", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcfb300b-3ccc-51ec-bb9c-642e5f53ad13", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da1a1175-6e4e-573d-8f75-efbb13814295", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b02df3e7-bac2-5066-a762-f6a6ce630e62", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24485f7b-90a3-52f8-a45c-3e352a752c96", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8cd713e-fa0a-512d-90a2-55041c53476a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cf78fbc-5998-5b07-933d-6e91b3af5c3f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af9b4823-5c40-5c06-bfa6-a6ae866ed8f6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea64db49-4696-584b-a81a-3a7f6756df50", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be320b89-943d-586b-9011-ad6c3cd40490", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.1.20.RELEASE-tuxcare.2" } ] }