{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6473d189-c98f-575c-b12f-7b358a9351d1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7c6a4c8d-57f7-5c08-8a05-d1e7f628778a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8627338b-15fd-5615-a441-2253844553e9", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37adcf84-8088-5231-9d42-44df64ef331e", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fb1e445-f48c-5c1c-b818-e98b1aae2cd1", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f33e58dc-25c4-5fd1-983a-202d7a99e91b", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cff3ec79-1b8a-50f2-9b42-c8618488284e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1abf85ce-214a-526b-ae6d-1e46f126a9df", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b1449bf-c7ca-5884-8685-e8900e303aaa", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82dc70c6-6a0f-53aa-ad2d-df614c3977ae", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8bd08dac-f4cd-51fa-bc3d-17316a5081ce", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5851e41b-519d-5590-aad2-1cc904f3674f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2747d95-b3c4-5fb0-8bfb-c99c0b48775c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8471b581-956d-5fbf-860b-5d9a9619d77a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:738b30d5-0b08-5f54-8113-097eaf09feee", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:558f4873-51a5-5515-bf00-9918af82d21f", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55b388b6-583e-5abb-af51-1902c43a0958", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-webmvc 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5da00cc2-283d-5096-b08b-b12b7bd2df27", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20d08076-74ab-5ae4-981f-aa44c20efc3c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f1d8bcf-668e-578a-b6a2-7d0e13ec1080", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23951304-faed-5670-a69e-6089e6918916", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98fd9b4a-50dd-52b0-9abc-d9841c34c041", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57356e22-b2b8-5f56-9295-ef0513ee4661", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8af0d75-7c6f-5ac1-942e-352921f0d67c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95edb4f6-12b3-5a9a-9939-5f1e6fab8904", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f34746ad-5f0e-58f5-81f3-0d67466b1cac", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38091c7a-ac52-50dc-8968-8c829491b484", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2838f5cc-fbec-523d-9b3e-bf6ba3e1047f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:152b9e88-64d2-58e6-8c84-a8630d6f8b0e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13d7bb70-b223-5141-a1b4-9c641b05abd0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b503e143-d4af-596a-820d-66d4148faaaf", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3088352a-d654-5192-b21b-bfd95203277c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f155d6f7-509c-5f4b-bf1f-b27977e6ba96", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67a86a71-a3e1-5a55-b97d-d8b58f5bf42a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4aa75d5-3792-5a9e-b76b-4f7fca323996", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40007b19-6e2d-59cc-b170-98237912c569", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:339f21eb-974a-5795-aeec-9635973f3aef", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e408fd1-8525-56b6-91fa-46a7ff0b21e8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c8334a5-d430-59f7-9fc6-4271197a194b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2e06dff-11a8-5ebc-8a4c-725b9a96edaf", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d43fecdb-4ad7-5434-b31f-068a0989850e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94f2edfa-571c-525a-8a23-70013a2f8bc3", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4040fc4e-1396-56ee-87bb-50d55bc9669b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.1.20.RELEASE-tuxcare.2" } ] }