{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e4a3fb9b-ced9-521c-b4bb-e24714c5ba18", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0e6b5a4b-dee0-51bc-9065-639dc6d959ed", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b3a9f8c7-4473-5bc1-88c8-c1123b0e89fd", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ae92eede-e0fa-5499-a125-078ae242f1dd", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3433173d-7cf4-53d4-93e9-c74813da9630", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a00eda30-9dd3-5d5d-a5b8-6feaae8d1934", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ffbdac91-ea91-5019-af10-597a390e2e2f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c2e949b2-0302-5225-9997-cddf0c1dfe62", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:46e18851-86ca-55ad-8233-d999cc0b13a7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:207d8e78-3de9-530d-80ec-7260b9f15800", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:920b871b-4484-5919-92db-5f9fe5f73fb7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:acc6810f-25cf-5404-9152-3c4f6f00aa72", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b64848e4-cbe7-5b36-9195-777a1fafb8c9", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0ad64d55-0eea-5313-9c75-08becda9ca71", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c6b1bb99-fc85-5b7c-971d-fc9a5d047981", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:38808fee-d934-5606-811b-8323894eb770", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2a4ce142-dbaf-5ab1-97d6-14958e4dbd8e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a022773d-d631-5140-a657-68ccba73b71f", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1fa224e3-770e-546a-b77d-16f0fa75fecf", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c381acec-f1d3-5009-9a91-42229fe4ea96", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:97b01a8d-f1b1-5a15-bcbb-353cf857caac", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:17c9c34b-a185-5410-9aa9-e6533bf18e6d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:10ea4115-b8b4-588f-a8d8-aa7a2bba8368", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5ea79307-8224-502b-af71-21dda46b55b7", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:047a95b2-5e13-548a-8bb2-594f11241ece", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a61003ec-c076-566a-b82d-810bf114da37", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0ad0d547-0be9-5914-8216-76bbdcc5a5c2", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9336b456-e6f9-5a18-bdc4-00f4bfe94d5f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:037da6b4-f97d-5a13-a9e3-dda7eb99eff8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6e214561-b6f5-576e-b233-b2031f0de2c9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:723b49e5-5756-59ec-a052-4dda53757968", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fd11af82-91f4-55a8-87a4-b12ba35918f5", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1642722f-47d0-5935-b9e9-d5203926a2fb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:60e5e89f-7d78-5015-b827-ebb6a8e63fd9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.37-tuxcare.7" } ] }