{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4c82d16f-20d8-51a2-9fa4-7c8f66e42290", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d5a63c45-49fc-5c96-9943-c49b309c2dbf", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:880db606-77f8-576a-a734-fb2245c4ba1a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dfdbaf1b-aed5-54b4-bf0c-935ae5ced083", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bef9f49c-bc80-5143-a717-943c4fcfe686", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f6195c07-8b55-5f19-99d1-c4048f8a42e1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:66a3332c-577a-5287-b411-f58fcd2e3fc8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cc95092b-c258-5275-b7bc-25e3f1e82099", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a6b67548-b831-5184-8d5f-d1b6c733a9f5", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b6987c34-d6cd-571a-8e0c-4136db46dc63", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0535ee71-1ed0-586b-87fd-03286fb3da2c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e5b85db7-32aa-568f-a88a-b8752cc344fe", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:41abdb53-38d0-5643-bd37-d7c023a08011", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e3ba6e29-397d-5cc6-9c71-104d40587134", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:531b4fb9-a8a1-5f6f-97ed-1b50bbc19c36", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:85478c82-0c97-5f34-8aa6-5877aa50a00f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:65a9db06-7046-5055-b97e-56f892e0a3a2", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4a5520af-4c99-5d62-9247-0c036d62da9a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:35b11770-461a-5d31-afff-e454a56483eb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:699b2a49-a0be-5c39-af3c-db90d7506c08", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3ff7ce7a-0035-5214-8075-57efb96e8cf5", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:490609c5-bb8e-52d7-8409-7dcf314b3a95", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a5669de3-5c1f-536b-a39e-f4293660e069", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:38f58cd9-ee09-53b7-9c45-2f291437ec26", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9d88826b-a839-51db-8861-868292f71bf3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ddf3e724-6c10-58e9-83e7-007b49bf7701", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8ed2b876-edc5-5f46-9787-4f2574726d6d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3844e4a6-9a7c-5d56-809d-1a4af852390c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8845028e-6703-59b2-b1fd-e90e7cdcba54", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:42fcfaaa-73cc-5c0a-b334-58ecd280e667", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ea159fb0-c677-59ef-90ff-65836fb2bc6b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dda42139-c088-5b16-b20e-de416b1c59e1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:23045be1-fe1b-5b2f-8cfa-ccb857b53ca2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f67a1631-02af-59d7-94e5-ec265f89ba3f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.37-tuxcare.6" } ] }