{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f1d05dae-78bf-5e92-a138-1329eb7ae53e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b3e77e4b-d9bc-5c11-ac47-70e331b8bd4d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:05028712-2acb-52d9-8d4c-5321dcd1bfa6", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:78a61f36-7002-551b-bc28-0d4a9b918bac", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:364f68aa-c82d-5010-acc6-5c80f94defd5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:49ea6fd5-a457-51b0-ae31-086c76813210", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2342a840-4387-5cc9-9816-ba4c418e95e1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eaf9b83b-9d7c-57a3-b852-28abd9796499", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5d7ca3ef-c1a5-5570-9984-db5e52baf43d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3d3b2fe0-806e-5ea4-b5c2-f1e4f88e642c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4f0c48d3-9e6a-5bcb-b952-87d0663c99a1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:beafc142-fa65-59c3-aeea-3ec6e10921f5", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6773415f-36e8-51fb-8e4c-18b09fc7d96a", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d8dd46d3-3503-5b16-81a6-f5b0455f4bf8", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:92f585b1-134b-54ad-a43a-2ab2082e3387", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:82bbcd9e-2c1c-5201-b04a-53486f3c58b5", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dba3c6a8-e664-5a5d-a179-362392d38727", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ee31de3a-7d1c-5c00-9113-6ef74ba6c720", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:466ffffd-a677-5f8c-a676-c6372c1c4c54", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2ffaf0f1-1656-5055-9d41-8a81013f4bc7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:24d7ffac-bbea-5582-84a4-694cd0ccb297", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f4b0ed73-e8d4-53a1-91b9-c1534532c712", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:38948c94-7dc8-5781-b85a-430fb427f552", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:46db073d-f280-5f6f-a4ac-4882a5b07265", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b2ae9b81-c834-5e73-b929-d811e33c8b04", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8454cb4c-0d61-5622-8ca4-1dd5dddedf5f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3b9e2efc-e02b-591c-b3e7-6cee29de5252", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:90a76072-25c7-5c0a-a3ef-a9d831bcdcf0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:85af3e3c-663d-5f62-9679-d1d8f6b1e1f6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c35f6c4a-ea26-56c4-88bd-7d2f5443b120", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b10d573-27c0-5fd7-b17a-b1069a12b6aa", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:69a89696-4b6a-5200-a16d-8036d57fc4b2", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:51d6f89e-8cc6-575a-810b-b4ea0ee4d5b4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:006b26ce-fea8-5ea9-9a80-f241bb83224d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.37-tuxcare.5" } ] }