{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:62c3693c-17e1-5d0c-a926-0c687d1a75d7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:07b65781-cc24-558f-b0f6-c41bca80b81a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b1e8820-461d-5077-b83b-664c76c5a8ca", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04b024c1-e75e-5fae-93eb-c90c66d12955", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:927345dd-8dff-5984-88e5-a001539da6ce", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7726f597-faf5-59a7-9373-8b2a2e916324", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03674dc9-eebd-5eac-9b3f-ed122ea68201", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08489547-6fa3-5f5e-ab76-138e9a46e93f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:858a9ef5-90f1-5358-b834-b3ad98da4bbe", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c94e4f5-0e6c-553c-a526-6c7617adb4f6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70ebf1cf-4e3a-585d-89a1-6c4d657f0f1a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f10e672-7528-57f9-bae9-59797799ee92", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00acac6a-c6c3-5c4f-9a71-83b38464a793", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cff44d89-60ae-5eb9-80f2-0e7ff95a4734", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b807f100-86de-5e57-9a62-2ab11342f1b3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:501395dd-9082-54e3-a898-b795740f07d7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:767a7257-d02d-5b38-87a0-5a1f49e476f3", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a96b87dc-d180-5401-98dd-006f61dee8f2", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df9fe926-4f4e-5c75-a103-88de355167c9", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0eba986a-ba5f-5b05-aad3-3febc4188d1b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8192cdea-ae8d-5bb9-bde5-49ed599edc46", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf4c34b6-017d-5744-a829-5ddf43006447", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db8fcdc6-f9d4-5529-8b99-0b6c4f1703cc", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08084696-7e6d-5fe5-9d47-d6ca3a701c42", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a532ef80-db89-5f11-8743-78cd1063a57d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:388abf92-68d7-53ce-9e57-0ff0bfd28b41", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6de436b-9aee-5e8d-b552-f86cb05cc180", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17ae0eef-16e7-531c-b692-72b71b0ebd00", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc5aacba-7126-57cc-a11c-3648d6427057", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ea744bd-e6a2-5029-9550-f80cae7ce8d5", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f438e93e-f3a2-59d6-8f03-324fb3ca7d5e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81ed01a6-745e-5def-93b6-4d6463f0a16f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4149199f-9f0b-5ff4-82c5-c891e587885a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a81d9e40-ccae-5cd7-97af-e35d2a80280f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57e20822-c9ac-54da-9826-254ed6c8f650", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4b0858b-0ac0-5d6f-9a08-5764d4fa5d31", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c4b4f18-6c8f-5e9b-8bf1-b6f9bd32f56b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.2" } ] }