{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e4eb1eb0-630a-58e6-a8c1-8bfb2913bf57", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a037e9b7-1c0c-5307-b76d-fd9c2eeae00e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:913f752a-c07d-5367-9b7d-2f10865f9242", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fcc5b778-4b10-5758-82ec-f3072e85ea71", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4466f77-71ef-595c-bbb0-936ecfc054f8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee9b7e1c-2372-55ea-9a31-302d501bede8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61518acd-d32c-59d8-9ec6-b7ea4bf42485", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0db7be3c-4a34-59df-800b-4362bd0e9b0a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ae29e2e-c073-53f9-8e5e-8876a67d295a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bbcc66b7-6208-5731-8b3f-b8b619df545d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4341dc2d-2bb1-55b4-bebc-e19afe578745", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d165f7bf-be4a-595e-b861-70058faf4d40", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d072c1e5-805b-5396-8de1-ff0ee3995696", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10b88e71-8bfa-5fb8-939f-2be1cd765e60", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:baea3e61-65c8-5fa7-bf0d-bc7aa2df1ee3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fef19608-dce7-5f4d-9850-bf9ec4320d19", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e6fd9e60-b2d7-573b-9e18-d6664d46a7a1", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b27938e-496e-5d14-9f85-9eae74f27604", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d85ebed-0172-5afd-aded-48fcefdc9c96", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d60638c4-2e13-578b-8a28-f20b9a222531", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd712fb7-07ad-52b6-9e86-123488a3b3c4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f8ee946-a138-5c6b-95bc-6c14d80495b0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12ce7284-9b72-5359-be77-d1f0c417c8fb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-aspects. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4fff7263-060d-5a24-bee4-ad6f9ad62047", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:149e21e3-103e-51e9-a07c-4ba71af3fbd8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68f609e4-180e-53ed-bf66-cf267c8e012a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07a705f6-57e0-5031-ac10-c8549803278f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ca4360b-3edf-539d-9c5d-3e97e8c0dd42", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b1e6cf7-14ac-554d-832c-3107c2a913b7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8f1692b-2672-5370-bc27-8a8f022ffe0f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a2f1bcc-29cf-5741-a145-d89be4ba04b4", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9de3b628-8f33-59e1-8e76-ceb649e441a8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef69d828-b913-576f-ada7-97f79ea56701", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88b0c20d-00a2-567f-a956-c3fceba6c788", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a416af33-d91c-5123-a5d0-cc218b79b080", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf47c87a-2390-5bb2-a20f-cf3aa23cab44", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8534a321-b02f-50fa-8275-a059cf93685f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.30-tuxcare.3" } ] }