{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:36f1ae4b-846b-5931-bd49-4c5e89a563f3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d3d2475f-a4dc-503e-960b-28af7c0f9bc3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cfc69e7b-298b-52eb-b032-735c35aa8f93", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f2498b57-a782-51a5-83cf-018bd1865874", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ba9ad9e-2d37-5f58-af84-b7b84ff18101", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:46455b4a-2bd0-521e-b219-6d00057d50d5", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c1b364d5-a539-5e81-ab8f-c8ef7148666b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:875a60d0-8b9a-571b-acfb-b1008aeedeac", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8d040e77-4359-565e-9f25-612f91473279", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dcaf7926-d89d-59fb-b06f-6cb06579b725", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb70dce8-006d-55f4-bf6c-6b8c5d80797f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b80a3cdf-b0b2-53bc-bef5-55c0d7056751", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8edac3c1-d552-53a8-afaf-4595fc3188ad", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3f4a4bd-20c8-595c-b336-dfbc94c84f5a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a62f0717-5c91-5992-a809-402de517640f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1ad4b046-17c9-59cb-ae30-5988949b4c08", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:86d7bc3a-32f6-5259-816d-56ba622cf955", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:01bfbeaf-a169-5de6-a2c1-cb2d91914b94", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:97b19d52-3dc8-53c2-906d-f75161d58fbf", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a7c5ad1e-d549-55d1-ab95-6cfb557348c6", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0a8e493e-6efc-5c0a-80de-2ef4d524a11b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b1da4810-10b2-582f-8ac2-55846951d65f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0a3d9d5e-45a3-5a8e-bbee-0e0237a59ace", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a495a2b7-8568-5bed-b184-637e63d9ad1c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fbef0c5f-4071-5c8b-96fd-67061bdb156b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0782bdf7-80e6-56ab-930a-a2a0a90e8d82", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a629b1a-a2ec-59d1-9192-50b109478bcb", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1cd09ab9-3eff-5a47-bf44-c44f8c232a9a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1fb462fd-f9e6-5438-a561-7740c2ab0521", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:79c586f8-5302-518d-aba1-7eb76bf59fb6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d1bbb312-396f-5667-ab5c-cd0b2ccacc5f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5ad0a275-6ade-5e06-b952-91a20fe39e2c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:808d755e-7f6c-5b3b-911d-0da1b6dc944d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1442032c-384a-5eed-922b-ba5f450fece7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.5" } ] }