{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c6ec9345-3bb1-5696-85ea-c3e137fd661f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:31acaadd-ae88-5cf0-8c13-eb16d0d60d78", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6056dd87-c489-5ed8-a54e-4b0536bb120f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d21baa5-9727-5d28-bbd3-7abc6f55b23f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17217ad9-6b98-5a1a-ad14-0c13f4546252", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13b14dce-3036-55fa-8dab-eeec99b86eb4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e876f1c-7f83-5bae-81d0-ae29b5e3bd4b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8580bb02-1c98-5c80-9eda-384cba24cfbe", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7bc151f-813d-598c-abae-f3912ae6c66e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fba9de2e-1c5b-5aaa-828f-827580291ecd", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49246da2-cd1b-5f92-bc1c-2e514e26c808", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a03e95ff-2948-53f0-9b37-f06ebc9f8ee2", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1aaf68b4-df1a-574c-85cb-cc83f163cb68", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:81fd67dd-c304-57c6-8770-f9c3b88fcace", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3318f98-269d-5280-9924-9f870ac19fa8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ea031bd-ee61-5b9a-b88f-73ff604326ff", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f517f8bc-1951-5340-82c9-63fba1c9e1eb", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:54cb6b55-c22e-55af-93bd-7458f0cf5e1c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:554ce97c-4111-545b-82e5-b5dd2a55c027", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39d7b449-3d75-5940-8dc9-bd2f5478fedc", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:441a7958-21e7-5a4f-bc33-e4cf4ea3d848", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46df8b17-54e9-5a7b-a6a1-381833dccbee", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:af5ae5ae-cacc-5fe5-8dd7-9446d9247cdc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cde41417-d030-5802-b011-64e4aeaaabaa", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d069a87d-2df9-579a-9247-1648f6434ebb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce609cae-52c2-5df6-874b-edc9a5d1f86f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e64fe0d-7a09-5556-815f-80af61664202", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17d9723f-9a0c-56c3-9494-1a6b386eb059", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9a152081-f5dc-51a2-b3b7-45b418611166", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6659537-b4b9-5c00-8d85-cb6f2f2a19f8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd94dd0a-8a39-58a9-b224-c117feda863a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3038062d-d5ea-5d66-95b9-c570b4942dfc", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ccea381d-73ac-58de-a429-434b11dc70e9", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9ffd7559-6791-5140-9756-c12452efa27d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:99e19195-925c-5970-b0a7-40fcc44ab34c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0eb4e9cc-6b31-5b74-84f9-6a8a422af52f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6338e2cb-2e62-5d41-a16f-c32d25d4cae6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b6721601-c219-58d3-b595-d773b5760ac1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.4" } ] }