{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:84daa26e-87b4-55d5-be3f-06624ca66e19", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bc22c0ba-37ff-5315-afec-de2fde25fad3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2080479e-cc59-5b25-9f6f-98de456e9bfe", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7443d1a5-3dda-529f-85e6-cfd502f66d97", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2387314c-8e91-5e8d-a6d5-e653a91ef458", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ea1e138d-9000-537b-bab2-cff48ca8f8e2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a2666cd1-5fb4-533f-bd5c-f451f031a3d8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4d1054c2-ad40-58cd-947c-c9b8a3ef9f10", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7adf30e7-1d25-5e0a-b232-2a90f6ebd4a6", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4b29d66b-880e-50e9-a98a-a89288ceeb13", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d87d6f3e-0782-5677-a52a-4897d435c991", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2780b0ed-c592-5d37-b5f4-b8bf73236287", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c9c796ea-b8b8-51e6-8f2c-a9a561e27c5e", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3a72740f-0a1b-5c15-af63-b24ba1306f8f", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:84383e83-da09-5fa4-b982-ec9c66430ac2", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2fb7643d-e9a1-50cd-a435-98fef11e0363", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:693b9648-b26b-575d-8162-92bfbec354be", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ddcdd769-c887-540c-81ec-fe5b38d85a97", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:25d4bc46-e41e-51b8-bdda-161a61289d7b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:664e954b-e4cd-572e-95f1-e9da12b77b2a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6ae06358-8c64-5351-a640-cd39ddaa52c9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:557746eb-95e2-505c-b3a2-5726a704e2a3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:76909b77-89ec-50f9-a6bb-12e660b99dca", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:022f066f-545a-5140-a996-2462273c6ccd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b3f6a622-9b01-584e-b680-1f9c962506f9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d85d7ac9-89fd-58e9-b3dd-0c48fa035eae", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1dd1d8f4-1ec9-57cb-a181-07e6be2a0866", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b5be19a-2dc9-5030-ae7a-3d4447c1c692", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:23a31fe7-b1a7-5246-87b7-92ec1a9fbf8d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:329e46f5-50bd-56de-a85a-98f843062253", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:479f52f8-f81c-590c-93d0-bb887a1fa939", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4a5ad4f6-c7a5-51f9-95f3-5472923c019c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1ad8dc08-d265-58d9-b69c-77ceda92834c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ee4cac2c-8e7c-5700-9b85-852ffaf9ac97", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.37-tuxcare.6" } ] }