{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1a73c25b-5540-5e4f-a0f9-6ac17d7dc00b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b2a87871-689c-5468-93fa-877c7bc4a079", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bdf376a4-3ae9-5fd8-b4bb-490565bc6c9f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74cd472d-f13d-56e0-aafc-fbf0155420bf", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:784d3b60-3dda-5d33-8453-69e98ce038d0", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff1da940-f633-5b57-beb5-da56ebfe2e05", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d85827a6-0814-526b-95a8-845a6d49b909", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a12d125-f7d1-59bf-b5b5-44a06ab51556", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2ca48395-f713-5a91-861a-18e2472766cc", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76f4214a-be86-5ae9-ba83-810d28c99fec", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a1e3090-6044-54ef-9d60-c8d7f8f3603c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2baff034-9ba8-5d52-9987-20c9760a6e80", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1dea4868-7741-5e97-9244-2a57d56e13af", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c77f2026-29ee-55de-a7e6-019f3215f1dc", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53c3a9dd-4acd-5d07-b66b-30106f7daf3b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e92e0c9-60cd-578d-8daa-9b6927bdf976", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec15ac33-c98b-5951-abbb-d2ab5ec0539a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8b0b6ef-4469-5ee3-8848-411145a5d58d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9bdf9959-42e6-5b10-b903-4336fd284e2d", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02676287-123c-5145-9f21-0462a871ce8a", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fad555e-b071-58fb-9f41-d47ceaee9c01", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:94183d3d-843a-59c4-bf60-9eaff4dfdcfd", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01f0a8a4-d823-50f8-9e5e-30b043f6d246", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-core. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db76edd7-6e4e-5914-96ff-a4940848bea0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c206a6de-2d88-553d-8e9e-82d9fed34877", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d0b982a-86f2-586d-8e7e-49cf7648a2b8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5d82e191-ab00-53e8-802e-f1b780f9acf1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:592f5976-3883-57c9-b299-b5b59f7665ec", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:34f1041f-fb61-5153-a7c3-8519bc4a4709", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:24f26f76-6a6b-59ff-940f-5288bb2cdf8c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:088a041d-fd8e-57b7-b815-9116959a938a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:05167729-37a9-5be0-8441-8b3453039924", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68e1784c-2654-5380-aa83-60c4b6a6d27d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:614ab00c-6989-550a-86a5-f2aa66488714", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d845cb0-7cd9-55bf-8f87-a6b8fff9be2d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd96793e-b5f3-56e1-a39b-0793a9088fa9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f34972e4-bcb8-5dd4-b879-7ce9d789e26d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.30-tuxcare.4" } ] }