{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:69626f22-9aa9-5702-b204-a4ddeb8306e9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6250325c-a629-5858-a24f-cc7e6517c552", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29843680-5a25-5c64-a7a4-b6692fd08362", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:348dc0db-8a96-5727-a79f-2804284ec2ca", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6bb2927-2929-52b8-8841-52b32bdbda28", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bc9b710-5a27-53e9-a045-92aad4bff21f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12b51f76-8e48-5619-9186-bb7f586e2f9b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3301ecf3-9feb-5518-b677-d6e59bfdec40", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9aea2f6d-272c-5c27-843e-4f4e76f87d97", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce0ff028-1c8b-55c5-90b9-2eaeb6ab3aab", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da925b94-c887-5f3f-b487-ae0a4f27bb5e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b6884ff-95c4-5127-9405-4c03c4518c69", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79950b28-13a7-5f9a-9058-4324b77cd4eb", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dbc86fb8-770a-5baa-af41-d155fb0d8369", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c15af111-6c4c-55dc-814a-ee2805285e5e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7639c61-6cf8-55bb-b765-bd9c5c2cddfd", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f57d7822-62c1-51f9-8f45-e7ffe8f7588b", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89132950-32d0-5e39-997e-6b8aff2c6fcc", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f2bffec-7ed4-56fc-8df0-10996ccb5d27", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ea4f5e9-452e-5779-aaac-196cecd43390", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef43bb78-b322-56b9-9353-3a9ce969ccbf", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7cb4ce39-9a80-51f3-a514-1f93a7ded21f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55c08bb4-eabb-53bf-b8ea-90d9ad46e762", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-beans. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd6a54fe-a075-56aa-8088-f9b0e0acb4a0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e2f5969e-e242-583c-872e-e76dabd7c382", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d417724-c3b6-582f-82ca-8488f82b4b4b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c35e022f-a958-5579-b238-865cd0848fee", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73c62ddc-5c52-5809-938a-e3530a2bedc9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63ec6014-27cf-53c9-9de2-dd64f38d8986", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe61420f-b213-5598-9027-784c21a25a7d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15ad846a-4710-50a2-b197-77dced6e76c6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62e9f9bd-4a07-5acf-80d9-5203e3ff6907", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2fe7e0b4-029f-5e37-84da-a5c4f68be779", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85d13554-4963-515e-b8a3-649e21766f6c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:687b2a6d-3372-5eca-af44-d24e9838faef", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9913ab97-fafb-51ee-92f3-f62b8d8eb615", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:411565fa-4a8c-5621-b1dd-a301f6c96c09", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.3" } ] }