{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0732fb95-9b20-5e0b-b5e8-bd5387f60cf1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.39-tuxcare.13", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:054d7fa5-a207-514c-949d-397404cd337c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:715696a2-040e-5128-a65e-f8d8b2847d80", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.13 of org.springframework:spring-aspects. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:a94d5bf2-d159-58a4-9cd5-c7dbc52f4de3", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:6e5b4d16-58b8-5f15-943b-8306a5e01e77", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:8b7e74a8-9040-5765-8690-9c67241d3457", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:8959ad1d-275a-53db-a491-42155193772f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:5d99e424-7f7a-5b5c-8b89-de5b1b5c0040", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:782c3041-5ae6-5d82-a6f3-ce053472ba13", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.39-tuxcare.13." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:bf80f256-2d4b-5fcd-8dd5-e026cda52d42", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:86b797f0-55fb-53fb-b4af-ad03d8232c3a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:9bb1fd1e-593c-5f47-94ed-d544face9cde", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:f4e45b52-930a-5ec2-9c08-0e4850a87616", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:48a2e106-6cb1-5b9c-91b9-564e68a3dc6a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:779d88f9-85fb-5dd8-9dfd-ba9a68b6a16b", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:5ac23eb2-890c-5bd9-b45c-69698f3c5fdf", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:67964c44-3005-5ac5-bd59-c805f18c3614", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:6dc1fae9-f4af-5a7d-b2de-67fc8ae0c939", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:2381af73-6e61-521c-a49a-6d362daa29cf", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:b89daafd-9aa9-5921-a953-7b14bbe69b4a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.13 of org.springframework:spring-aspects. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:29416b89-fd1e-5bc6-990e-a46584a6ddb1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:5eaa2f06-d4d6-51ea-be73-3bf1a4802e72", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:612f81ed-1d41-56e8-b9fd-60ab4dffc666", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:a84d4dae-d181-5b79-b8fb-9fbd534962c6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:1104a2c1-f302-5087-a0fb-9a45db987392", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:808d86a9-3c03-564e-a9bb-eb87d5659694", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:e01b279d-99d0-5752-b6a9-5e88957e729c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:4c57b913-48fa-55c8-bce4-232feb285c05", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:7648880c-8842-55aa-9568-cdc855915cf4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:e6e55401-ca9d-58f0-8c23-2e6ed17a9ca9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:126638a1-0fc3-5bf2-953a-514af8ea9662", "id": "CVE-2026-41851", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41851 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:8ba3da92-e22a-54c4-9e6a-2a9d1801899c", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:53bd832d-5922-56ae-8d36-37f94dd77052", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:d6f44217-81ac-5dab-b586-b032e6ba3842", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.13 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39-tuxcare.13" } ] }