{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6a9fff13-e4a5-5ca2-bf8d-79a91e887c18", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:be57b4ee-9f23-58d1-8ea5-c5f62d06ca1d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e375e75-b809-5e7a-aced-25af316e78b4", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76ad92c2-cc3b-5009-8f25-2338cf36e1d5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1a6d178-3da2-55ee-ba4d-5c17ebec6c8f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2ed36c8-2147-5704-85c9-bb701af2803f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9af8094-bb13-5e74-8d99-ead443f6cf8e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cd70f42-6393-54ec-ac5e-af682a76276a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ebd834f-56d8-5de8-8301-701a40b6f87c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:208ec49e-0f72-5849-b3f3-c7e6be2b4a27", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2d9b784-0ba5-53ad-b22b-1ce082e278b0", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa16aa6e-4d51-5dba-bf60-348a93d3fedd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d52d0b73-f583-56a4-bcef-5e336e646461", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37542551-bd86-5325-8813-ac0772b03f02", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b72ef50d-668f-56b5-8b45-4ecadb0968f6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b01ebf57-9dde-5a14-bae3-9955ab595f6d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea6c270e-32f0-52be-91f9-eb85016fd0b6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1ef6f95-51ce-5124-9400-3dff975955d5", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:674d612b-0cc1-5587-8642-6097411fd9a9", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb6d6781-1b87-59bb-9e87-27f98e5a7fb0", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:512d2502-b627-5356-9168-b50620c7a053", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4449e1fd-144c-5cec-aa1f-8ccb12fec1ce", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af3cb767-6eac-54d5-bf16-9de558a3e9a0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-core. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:061c67d8-a2c7-5040-8e60-c876e96871ab", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56e216a8-21a3-5f36-8cb5-a9f3bed5a965", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e21ecc5-50f7-5086-b70b-a3577c982391", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8efa848-231d-5e33-b4eb-49ade30a26d5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a6e30a1-aa19-5ea9-869e-50cc248614fc", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5edff505-45f1-5ad3-baf2-b90db392473e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7010f23b-7d67-5ab0-9d3c-2aed19d799eb", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14807bfd-9561-5d9e-8015-d811e9415226", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d476a68e-1b25-5e3d-81ac-e6f1f5945648", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:367739e8-8060-5117-999f-5b7a797e2069", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce6be807-b9f1-5054-855d-3416910175e9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a942fa4-9641-537d-900d-fd3f5af102fc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ed6dcda-517c-560d-932d-982c84f80c6a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50eb63d6-8880-5b00-a073-591b629ef398", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.2" } ] }