{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:13955827-fa47-53a5-af78-4f3de613eb74", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3219281c-3a32-5750-a9dc-f4f6ea559417", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b762ad5b-01e7-554e-b765-5822c347e7f4", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb84c50f-63a5-5be7-b0d7-704ef307ac12", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f3e8681-19f1-5299-b68c-ff9fa9503499", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6fc0ee98-68b4-533e-aca4-d645303480d0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c13feea-723e-5aa4-a6d2-ea3b72768583", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6d94855-446c-5432-9bf2-1e417af086cb", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44012526-2b0b-57a1-8941-61060ed1c65a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bda76ef3-42bc-5c9b-adc8-e9f167bdd7ca", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:77f47dfd-a7ec-5309-9b29-bc99646f57d6", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35db3743-c1f1-5633-89da-a5f151b9de02", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0527032a-6e3c-5ce0-acda-5f6befada11d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c50fcd66-95d2-5f10-894d-c483569d66d1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:236e1cf5-91d2-5efd-b15d-37e6d228c53d", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fca2ed6-2aa2-58a5-bc32-e9c92b0370a5", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f1eb675c-1d5a-5842-9579-82a6b78b06ec", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fa0f3bfd-3fc3-544b-b4a2-95194ab1e94a", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3fef51d-6e33-5444-a2d3-55d33c8612fd", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf0c3018-71ec-510a-ad8b-f7092df99e80", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:deb6e54b-6183-5148-9b82-3cd8e15a4156", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:79b87285-6cbb-543a-aa73-0a3a86db73f1", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb3f37ba-5b69-50b8-b290-704665f8e308", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afcaabb8-8a57-5f93-936c-c9069f125e9c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c438bb9e-3714-5e72-a949-8809d4e7510c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15d529bf-e0b7-5853-9c75-3f9b371011a0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a49762c-9838-5059-bf2c-af4cb8c83bc0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9ca4299e-640c-577d-9a71-32198d2dace5", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1224999e-7a29-51ed-927b-8931f3060051", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6faa4cea-5866-54bf-b51c-8ff03207dcd4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a45fd3e-b549-5c74-9ced-a0eb0b7833c1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73243f13-a4f3-57d4-ad2c-2794da317482", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c991463d-ca28-5e28-8929-6d430738c087", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:677f8656-9b77-5e64-bb4d-acb281d7bcf8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fc2d99c-b362-5297-86d1-a9d8c448dedc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30c15a01-cca9-510a-9f7a-e1496c1e3fda", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e0b7729-fa22-5484-8992-bfe79c47e0ba", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.30-tuxcare.4" } ] }