{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a996a79d-eb31-54f2-99ec-bd26b798fb48", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bfe1cfee-0326-5d78-9102-b62c91055fef", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afed45b1-ed27-566d-8709-82b099a28b71", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:534077be-7480-56fc-812d-158f3c09bdf6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f34c1f45-78fa-556d-93c4-00b36258b05b", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:00129f27-8a00-538d-8e7d-0e316bdd53b9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7989adc-6d7e-52ad-9918-0c11863fa019", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cc204d39-aa4b-5565-8c4c-a1b7d0402041", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39164940-0fc6-5364-8803-f394617fedb0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:12164f21-92f5-53de-adaf-83e2cac9eb8b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:77af0610-3d16-5bc3-83d9-dbf22c3335f9", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df5c80aa-3c1c-5b89-98e0-41c19fbac88c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:005c9df5-a04e-5bf6-b52f-f580fad52c5e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:29cc867d-7db0-5773-ba5c-bc0fc9dc0b52", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1b1cbfaa-f7dd-57d7-91f9-2521b4cb569c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e7fa05e-5259-5096-b8d2-f265a6a06d36", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:48b56412-8d4f-5e2d-966b-10bb8fce86c3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6cad59f5-8114-5b9f-a0ac-b31484d1312e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9cb9d3ce-0482-5748-8198-80ae564bb879", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d30bb3c3-c23f-5682-b3c2-f434fd183913", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1673d7c7-e49a-5eef-8697-711ad07dec28", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76299327-b4a2-5973-b59c-92a876ea424a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec3125cf-daf1-5af0-9323-0ab55c1d398f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-beans. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6975a801-e93c-59e0-874c-6042eb80eb88", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3df08ee7-c30e-5784-8935-d47d048339aa", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:62bef37a-e9cb-5f32-97b8-391cc216f12e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a819fabe-6773-542d-ad65-e6ee7f93d0d6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b123a0c-6a0a-560b-8a00-2fdada4cc892", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0800a746-3e17-5c48-98cb-9121d5c4bb37", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ba06fca-d462-52a2-99f1-59002c35193a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aafee649-9236-5a1f-8f31-4bf72431a588", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:84e787b4-2d36-5e15-9084-5e7000196f26", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e10c41ed-8039-57c5-b032-40b879d868cd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26df2f6e-a312-5921-a1e0-d4e02f722c32", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9278c97-8b18-5510-b73c-5be6b7992280", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:553cdf58-07a2-5e8f-bd70-588fa2781c1f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5c7a635-ccbb-5658-8486-d5444a62283b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.30-tuxcare.4" } ] }