{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:af06d926-2db5-5cbd-a7d4-c60f0971c919", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10b20ff2-f222-5c40-9abd-33b4bc2a623c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:949d9160-58fc-5867-8324-13c3f1af6155", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2b7e6a1-e2c2-579c-af64-f42127b49581", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb40fbe9-85c7-5c34-a6de-27b84aca1303", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03ddbe53-f93c-51c7-b5be-11b6569dbe36", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bca94eb-d2a3-589d-b67f-6993827087aa", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d481177d-24f4-505e-9532-9e6c1ab15a7a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:987a0679-b7a9-5b3c-9937-925bd55a4380", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b7191b4-2b73-56d5-9ab7-6c2f56c0a26e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d376833-4de2-501d-9f4b-e12fbfa3ab4b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f42c70ec-b352-55cb-b921-7bd90d41b194", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68380ed8-4293-515d-ba08-a1d4cf3f92b7", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:304f22fc-5e17-52c7-b1e1-18f227f6ff88", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e1cb9d8-121e-527b-a0d6-8a0174892961", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0ccc038d-1f1f-5ab1-a41f-8db9a5a6bd5c", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b0b5cf5-cda1-5fc4-9c98-631f7af29405", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a982569-72e7-5ebb-9a41-339ff18db4e0", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f26acdd-2799-5733-9a57-85f51d802969", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4fbdceb-a976-5be8-b757-fc8092b31f74", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:081ed6bc-bcc7-5fc7-9dcb-3e359ba711bb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e849282-84bf-5d9b-b580-6f60fec51de8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a66e8a6a-c526-50ab-a004-80c175827e0d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-instrument. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:032924a8-4587-5fed-9239-eaf2bae67103", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d133dfaf-d646-5baf-ac43-e877301a7dc3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f16b9a1d-5fea-50ae-854c-fdba4764404a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f6d4fe7-9b9b-54f2-aabb-62d263edaad0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28ad4299-c4e2-5345-9d66-fb58e0217a6a", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea8cf8b3-53b0-5eef-bd80-95d048619d91", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2cb6077d-79db-5331-afef-cc70a4806e72", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5cf5a71-3ac8-5d50-bdfb-61d788aeec09", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:77cf7c08-5eaa-5df9-900c-b6e6e4f5b07a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ae49fa4-99b4-50f9-a9e8-b726e1a9f26f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f43b0e02-cf04-5900-a09f-edea70a026d8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35643686-cc39-5a36-8e92-e98be7982d7b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5624af8a-f544-509b-970b-f1f70284f56d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:295966c1-3dab-5061-a03d-a1e7fa6715fd", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.30-tuxcare.4" } ] }