{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:21a1db12-f804-5bf8-a5c5-a92f3f97a805", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e0961da7-8bd8-5849-8cfd-ae1f3f509abf", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6c5002e1-0a68-5c42-a5a0-a82dcd3d085e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e89ceb08-016a-5639-af96-4a9544b9bfc1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a7f89f33-fb3c-54c4-bc60-7fc935a43adf", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d8a74a79-241a-5272-a7de-a03ead839b30", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c63f002e-734e-5c12-bbdb-185a65bb5a28", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cc730739-883e-5712-a51e-29c6a20560b4", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4e924d32-4036-51a5-b262-dbdb329e2588", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:69ef6660-7a6d-5ab5-ac5e-5d23c7097703", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:03c4ce5f-2307-5cba-9574-68964735647b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3f902ecc-7f6d-5f12-932e-28013cd4653c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:164e0b09-4bde-53a1-9815-0c1bbdae9b21", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0518e873-bb39-5bd8-94dd-dac5e74e81f2", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:13e6e2c2-236d-5d32-aa59-38638099d569", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5b9d02a0-a330-5bd3-aee1-09658aeb5c89", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:691983b3-8e4c-5178-8d2b-5a56e36c5b04", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:adcd9d2a-92cc-54ee-9cb1-351db72122f3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fd4b760f-2b52-598a-83a8-c61467b1be47", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5fd1cdf4-b527-5e69-9faf-c62a78dd7a3f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5f0973bc-0362-5c8d-8ff7-e933b48bb242", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3e18efa1-9474-57b3-b842-5632b2ff5ba9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:10cb7ef7-95dd-5e5b-ad0e-64f4cee4ecf2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b0c88f03-2f79-5012-8a03-640824258769", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6099f42b-c1a8-5562-b914-3b6e7fc62ac3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c0a134fb-8313-5512-b1f9-c2d8eda3df46", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d096190d-3507-504a-ab1f-5d1d302df8b5", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8ae8c4f7-6cf3-507e-a565-61599d5569d0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bf2552b4-e763-5b44-a48b-4494c088aa37", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:de586501-50ce-5eac-9dc6-d25cdd014169", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9374d0a1-3ab2-5259-9961-d99cdab4a032", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a4179397-c6c7-5a1e-9396-cc46a8994131", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dccacd6a-3046-568d-9e35-c3b48f31eda8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e34688b8-04bc-5d2b-b3bc-4b74aaffd50c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.6" } ] }