{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a29765e9-93eb-56e3-885b-b96986a838ef", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:db9d4d86-561b-546c-bb69-f119fee20c62", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54e344c2-44ab-5439-a407-5fe3b2dcacc2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cf16d92-ae25-5839-ae30-f9e1ee0dde8b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95d7d076-957e-5411-8ecf-15bc3645a9b0", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30845609-fd6b-5dbe-a410-dc47f0f2324a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b1d436c-99ed-5dfa-9b3c-529e7d66e498", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4880cd4f-e0fd-59e1-9506-e61032f17f31", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dacc748-df0a-5ccc-8ae6-be24c1b0e5b2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19da459f-72ac-5163-8b45-e54c7e3b610f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:467569a5-8a47-5b13-99f5-99d05cd2ea16", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:927def4e-e967-5a25-8547-dcef4e28e0f0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:675b1dd2-5f48-584d-ae64-586a43b6ebee", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcb3c356-a64e-5c88-b3b9-36f28f693b6d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:165f12d7-7f31-5035-9d03-84ba3436153e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:964ed724-b7e1-54a1-b858-ac8ec3d4b999", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1b8707f-69bc-5d37-887a-9e386b5c8b9b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d35fb56d-48ee-57c4-a6e1-38ba6c7bda83", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:daae956f-e343-5a19-9ce5-89d29f5c0a65", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dff6f82d-281c-50b4-b5f0-c131e57205fe", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cab3541b-32a2-58d6-8240-b4a5b78aeab2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c0f90f7-c877-543f-b2ad-b3b1a40be73a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d15cd422-7cf8-5840-9a1d-1f225e0005a8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-aspects. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2b194bd-bbf5-5000-a9d0-2be0c9813d31", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9bd1b96-1630-5fe7-9011-d77ae2f5fe8e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba08e874-e213-5303-b9e2-0b77b3bda851", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49f338e0-3d6d-54ce-a4ef-e01d4f5e22ee", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d24117c2-9bbd-501a-983d-4b1c841d56ca", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:555be81e-9d38-5c9c-a32f-7433b46cc6ca", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a24a37d-3948-5cad-b80a-794f95be2634", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df27ab55-cb0f-5915-a03a-1e48d4097f1a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e126db8f-740b-5b37-a3ad-dfc2b9633717", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d8009b5-a5fa-53c7-a678-8689382411e2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:817db703-0cef-56b1-a59f-ec96084680df", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cdb89dc-23bc-54fd-95ba-31d14fbd159f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aef1303d-3929-5c14-a3b3-cd19557d9f5c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9b740e3-d815-5f48-86e7-5ffa626566ff", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.2" } ] }