{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7120e91d-bb6a-5053-8f52-3b1e7f10c8f1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:817b58be-c297-532e-b4c1-9d0f018b3321", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:492374f3-4eae-5262-b9db-700fea7362e2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2cf9435a-88c0-5ccd-b8ff-285fc6549e17", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8bb65d72-8172-5fe9-b345-e9c5ff2f2826", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7662ccb0-c712-50dc-964e-5454bd5666fc", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a6930581-5dc8-54f9-9efe-9171bb976028", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c607e22e-8fd8-5c36-b04d-8f0f731fb53b", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e41e1ac9-6d5a-521c-9ddf-e39f4fe4084e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed7fb3b0-43fc-5e82-b6bf-1d6dd19d2b8e", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:977ccaea-9944-550e-bb6c-0bc4c02c1fa3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4f0b9994-2e3c-5916-a9cf-542dadf89024", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e3bb94e3-e561-552b-8323-5fddc5e480ea", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f8008e25-d553-53bf-9dfe-fc275a32b503", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0fae49b8-d289-5e43-ab26-733c184126d8", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8cd36c04-2d2e-519b-a097-bfbc91ad7282", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ec85c5f-6e4e-5f1a-8d0e-f0d26cfa1525", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6cd176cb-fbc7-5e5a-8033-1c19e4b3fae9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3de29962-def5-55ab-8904-63ff1edeef50", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:abb70fa6-7ba9-5d79-95a1-d25a070f0fa3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-instrument. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:324901d0-10f7-57cb-aaee-e4c0144e5beb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:14f9d375-e4d8-51c7-827b-2f32f1f914b5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:03470edb-dd59-51e8-9fc1-c72f20cecd09", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c1768beb-7529-568f-84b8-5c22defc2493", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1ad6bc48-fe3a-54d8-a5dc-a1a111794189", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6cc0389d-b067-5a7a-9981-441d671b0879", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f03c678c-e0b9-507e-a799-f32ea4690e13", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ed76be7-f51a-56d2-8cb9-6f05a04bc1e3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e550c949-3aed-541b-8a4a-3514c09d4652", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d84f3d9-1df5-5cc0-bfa0-8f067af063ad", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2fa249fb-52d8-58bc-9a95-4a0e57fdbcc0", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cc9229a9-eaab-5ce0-9cf2-0ba13e5e778c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d1f67c4-84be-58a7-ab6d-750827f88872", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:def9341b-f5e2-50bf-abf2-13b96c5a890d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.5" } ] }