{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:80af38f9-6687-5914-8d96-4b838bcfaadb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:68db67ab-90d1-5a66-870f-0c1a208ea5a4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4bd0a068-bce1-5399-afe0-7910f47d5270", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7849a728-1c57-57f1-9881-0690297435a2", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2f1ec79-14e8-5921-bc5e-82147789466c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48d27d2a-f703-5222-8dba-39c34e9b5848", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2dcfdbc4-1fb3-5a2e-8d57-0924aecbaaa6", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95e865c1-45cf-56c4-925e-c764f7e937a7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2282fb1-3348-59c4-9e6d-ba010bae77b7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02798c5b-6350-5734-9031-570d0e459b1e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42824878-7ade-5d04-afaf-b7c52f01012b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24d7808f-ebe2-56a3-b7d7-d6baa6d5c119", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce8c4dec-7851-5ffe-87c9-b72dce298fd0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b222d70-ee35-59f9-b3ad-92a3db1e6df3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0e69e9b-deaf-552a-a325-f138648d87d6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6d35d44-ea8c-5868-875f-adb303a391ee", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec8f0514-a011-5891-9314-4e133e86b4c4", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d166ee6-9fd9-5342-98dd-4525e86002ed", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:525db04b-898f-5a84-a284-9b5411ee027c", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78b9626e-d238-598e-9d13-f4621062d452", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c5b0fc9-b2b4-5254-89d0-6c0a7b1d5fd7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86be6330-9801-53eb-bcf7-ceec50ffd3f3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa0a9b2a-e834-5a6d-9e62-6fe7a73da606", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-instrument. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf69ae93-384f-5dfc-936d-0980b9c7a57d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca937962-9467-5f0e-8cff-6e82e5dde33d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13ad58c3-664a-5113-8e07-f3fe6afbdda0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2906151b-f1ba-51f7-be57-799638eb7a9b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f8871aa-f08c-5d9d-86f8-b043c26ec957", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bbb0803a-91d9-5d03-af16-4d58fc194d40", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:133b2fef-b701-54cc-8d1c-fe4c0397ac6a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0644b08-da04-5224-9257-271a407ea41c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f6102ac-9409-5977-b480-6727854e1eb9", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:703c063a-966a-54a9-ac93-12703400fc3e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a6bbdff-3400-5f12-86ea-d162b2286e1c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37f0151f-9340-5a56-860e-2759d7747f6e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9caa6893-b232-5981-a77d-b754a11f678b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dab74e35-2bfd-5c68-a20c-095d2c0588f5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.3" } ] }