{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4785762f-3abf-58b5-839f-dc8aaee5f47a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a48f7670-3020-5fc1-b6d3-33aea3600ad9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c349d59-cdf8-5d03-96c3-e59dfa3faf15", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:305c6f76-ded9-523c-96ae-7b3a911f9af5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7df0f06-8d3e-5f6c-bc78-6d8ddb13c495", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f14a75f-7003-5a7d-8c8f-de6e321b5601", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44aab375-415a-51ed-a475-ba3d0a9ecbc8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6cf09664-33b8-5486-9f1d-cacd024d2dc4", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7b7c672-f777-5b4e-aff5-9c6dd10e8609", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46af97ad-2656-556f-9bdd-4de4ff23c3cc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5432590d-9555-5123-90c0-b2936c817ed7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e916c0d9-6078-58f2-a169-3ad4d9aa14ab", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b471160-b508-53db-8b95-d87dfffb5177", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-core 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0ae28680-b106-571d-89f6-f0b1933c1f92", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f85711c1-5d18-5f0a-a410-caa3b4fef93a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b63e00f7-fe3f-5005-b4cf-96016ec3ac79", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:688ddec2-aadd-5624-8960-03d121f4384e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d54c804-6f44-5381-892e-0a8dac861421", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ca51c5f-4655-5856-8dab-315e3e213b1d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b12b8e5d-0650-5cbe-ab80-6c4fb301aef0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe7e5ed3-5530-5936-93d9-0a84872696de", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f33e16b-b2d1-5a53-bffe-c7fab7b12872", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c91c23ad-20d3-5270-b5cf-bd6b1a24634e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:990cee54-65a3-52e7-ab6c-44803b2fe048", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-core. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bad0b87c-7b96-57fd-9f5c-2e26142c994f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8bad9a26-ca50-58d8-9a51-564c808f3ced", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f3c5319-b157-5a05-b1a2-4a800837b65a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca05e3c8-0cb0-5e71-9266-b9a5386c53af", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65b0d5ef-fd78-5786-85c6-a9efd1bc04f4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d20f77dc-586a-5875-bdff-9e1411752118", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e5c5ab6-90c5-5203-a738-1d5ccf52798f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4110231e-dfdf-5c70-ac45-6f701364499d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c80b2d2e-f779-5596-bdc9-1ee92cbda146", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c60f993-9dae-5bdd-b568-f5f4bd57988b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7190bca5-4216-5193-9b14-07213b1d33d9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:006120e2-b361-580a-a171-1e32173c9b29", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:388a565b-0c96-5684-a7ea-699bdc5ff186", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c3df35a5-539e-5426-b8da-a181ab4849d0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.29-tuxcare.4" } ] }