{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4b394517-b25e-5b7c-8703-93d2e0287ef5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:12b88e7b-20ed-56be-ab0d-549b94a670de", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3dbe0231-2e40-5cdf-95e3-877e883f6352", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a9ba5d4-fa44-5b68-ad9a-0692cb53f5a8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29cf1918-3dd1-575f-aac0-7b08a4a477ab", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a73f6d5-7bde-5a39-aba2-1d69a4512de0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b26347b3-fce4-58d2-aa5c-8e4a4e743c3e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8dd0f17-5d0a-5508-9b7d-f781e3869951", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4fc9d007-140c-559e-ac20-687fb7fcdbe2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a0e3195-1541-5937-9616-f9c5eb18929a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:168c5e6a-e8cd-5315-84bb-44403e0c9992", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de71da0d-30de-5692-8124-e585d1034be9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:157ddeb0-14c2-5796-b90e-90202ef0143f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bd39ff6-ce79-5340-93c6-6ae7f65b86e7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3dea50c-fe34-598b-8be8-1cad578c349d", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa80200b-db50-57f7-bd86-1f9d99102c61", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c13e35a-4b47-5142-9666-2c4fcf4319dd", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fdbf3bbc-fca9-5e65-8599-3bb1b427d963", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17e8864f-b599-565c-a697-0a485ca2bbe9", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:255f699d-afeb-5ae6-a4f0-374a66597391", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fce0c9d-dc4c-5721-92e9-ded27514db2b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad9bae8a-284b-5477-9b3f-932c055a6d37", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7e29379-021d-559c-a951-8ffe3f6701e9", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-core. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14ea7229-42a9-552d-8d65-9c052db7d7ba", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16aa653c-4373-5e1f-8c8a-e4fa23d5d408", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67322aad-ae9e-55b2-b98d-c937825e00be", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e49740e5-071f-5d8b-a8ae-0e54b278703f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:568b3ccf-27a8-5f27-8f73-dc0b4dd0de8e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8853dba5-14d6-58d1-96b8-5e7705048d95", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:747c065f-f626-57f6-9287-afda8ab6c37b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6aabeaf4-72ad-50a9-acd6-e34a5a0e52c3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:117a477c-0a34-5051-82fd-9fcbd46b33d3", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8b9c9fc-4a95-531d-933b-6402305bb789", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9d7ad0c-f9e4-5097-af1b-e62b7e1a811c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76b4ae91-7405-5ddd-9639-9056bd0e0d5c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f44d959-34e6-5aeb-bcff-16235f3a13c6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6be26ed-e36d-59bb-8b3b-13595a925b03", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.3" } ] }