{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a03ee17b-52d8-5b48-952e-bb19596140be", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f9f972f8-f7f4-5857-a156-ced679030731", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d8f715a-7e9e-52ad-a224-b5f8188883dd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fd21499-06ad-5f5f-86dc-860354d4f5bd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17efd381-3b79-5882-9624-2f54719ae7df", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9730ca81-2a7b-58dd-9628-23fa9f32260d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7bbf8224-08b4-5d8d-8b0f-bb3f4af72b41", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a942aa1b-18b8-5a5c-b983-a55ed3498f45", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17e5d5ce-8a90-51d3-b7d0-c70237c02560", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7dcaa38-1c9c-5806-a2f8-29cfb16bce3e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4264755b-ef5a-5e3f-a8b5-b9bc1f8c5df1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb7693d1-f80d-5fbc-b2ff-af24836fbeb7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea5fa3d0-9a40-5a28-8763-f22b6740d1e1", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8827c6c7-f397-58c4-b1e4-669573490f86", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3de2bd59-7ea1-58a2-abd1-0d2cabdceb1f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9a3afc8-ad71-563c-b859-beb9eeb571a5", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c379ed33-1162-5047-b393-e8e3af6a8417", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:145826b4-6522-5879-b45f-625d79b7fd2d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb0ae33b-d2bc-50f2-bf19-0aff7d6ee543", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfe08cf3-3266-5079-afc0-da623c288fff", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2129bd12-adda-5533-adbf-ed5c2f122e84", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24487c44-e211-5038-8e08-17ba31d40c1a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:158c25c7-da21-5f9a-9361-5a74f517a365", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-aop. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32abca3b-f64f-59a3-bc14-fc2be15a0a51", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f34746fe-bf78-57b0-96ab-44a8b2fecdc3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d501b02a-c716-5bb7-a261-825c59943566", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7d30a06-0437-5c02-9e92-e75770140492", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42e90fa9-b391-5e7a-bcca-3e36c4c28b0e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:497eb568-d645-5626-a2d8-9e9e76bf0cd6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a2564d9-0489-54ac-a822-dacc75c96b77", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29d98be9-4607-5fae-9a85-bc57e598dfc3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9cf70304-5434-57b9-8620-a90b17da4e50", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c659a8e0-17da-5eed-bf89-24f7395c0ac5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49c09d48-eef3-51cb-953f-f3df2f9f4395", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f7ac25c-e6ce-5321-a57a-a4f165de8a95", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b46c1268-34de-58eb-9a23-b3831b290202", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb8b2843-ecdc-50fd-bdb1-f241f74dbcb5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.30-tuxcare.3" } ] }