{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c85215f3-1a0f-5bbb-81b7-26e5bd1c3ca4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5fcdbb06-75e1-5de3-b790-18a063bd2ea0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1f44636e-e33b-5a81-b6ea-fae262e0f077", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6f884c02-3aa7-5fc1-940a-fd89f6e8c0d7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:17a67b13-3523-5c9f-95e5-68e59439404f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:30395ecc-92f9-5430-8654-b0e2ef15f775", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:986522d3-c113-5e7b-ab1f-9f8e930a2882", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b3a0df19-89b5-5317-bd06-886d51adec7d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bc8830a9-78f4-5190-9dae-2181ec54707e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4cd34e55-696a-5125-8e6b-b8a56204e145", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e78d6c19-1f19-5bf9-a794-250b76a5ccd6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b278d14b-b508-519b-84d5-5611b5183c0f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c8b52249-5e15-5ec6-bde3-e713ff583982", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bf97c884-492a-5350-a5e9-4a83fa254509", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:de698c14-f5eb-515e-b722-b47bfc5f1c55", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4975044e-974b-5980-8036-06f01e26e226", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:34dbf2a1-3ee4-5cbd-9179-e0945f420429", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:aaf2d76c-f8cb-5bc2-b484-33bbef27bf3f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b9728a86-78e3-5952-bb1b-ec733a605048", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fd493101-5dc6-5774-832d-f288f1d8d81a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:252a7b61-86e3-5223-b3ea-93554a3fbd05", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2b04fc41-b55c-5adc-869a-8cc188bea724", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:72e64c0b-dcd4-5756-88c8-cae5dbbd45c4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c67b1c87-a17b-5fd0-890e-66bd493dfbdb", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:309c4c84-667f-52f8-af80-a5908320a696", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:961d7f75-0aa8-5fc9-a170-ed6d16334c97", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4f5ebb25-8f76-5f25-abf5-2b63ce7d93b6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1f6e2425-7848-51a8-aeb8-c346530d650a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b616bb1-4f0e-57b8-94c4-699c118180a0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3a0edfe0-5294-52d0-a6a0-e71807b55d54", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c3bd2ef1-9011-57af-b6a2-6da026396062", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:89d1ab92-f2e3-5ada-9f7b-e223550c1a80", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dd921a55-d329-5242-9189-0de9885db3d4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:401479fc-da6d-5e7b-adfd-f27a5dc61c0e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.5" } ] }