{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:c3eaa690-ddb5-5307-aa31-df6112b40cdf",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-instrument",
      "version": "5.3.37-tuxcare.6",
      "purl": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:6ab79aeb-3839-5e49-845f-a14ab98eeb8c",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a743cfa2-83b8-538e-95d7-0c3672783781",
      "id": "CVE-2024-38808",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4c8ad8b3-6cf0-518b-b3df-54a02cc8aa73",
      "id": "CVE-2024-38809",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7de4e39c-7d93-58d2-8328-d1be65c71c07",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bb318d48-cd70-51f0-a65a-ab33352e8ab9",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8bb0a044-3645-5a37-882e-73a4ad3e25af",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:866a6d62-d0bd-5914-b0a1-062517cf0309",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d14bd78c-6a30-5c4c-9013-80c1a709b7a2",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a44ff159-a5be-5bb8-95c5-3809858874b8",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a549f6c6-8960-5e90-970d-062c490307a4",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d0835f9e-b3e5-5fdc-8aba-6356e7b0bd94",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1f1ca2b5-454b-5033-b93b-915d7b43b617",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:82f4e6dd-edc7-5009-b0fa-8f921df74098",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:09af82c2-49bf-594e-aa3b-211b827ca7af",
      "id": "CVE-2026-22740",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8680f9a3-5eb4-5aa8-aa05-19caff3d5055",
      "id": "CVE-2026-22741",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:89c6850c-8306-55f8-818f-0ac5a9fbcedd",
      "id": "CVE-2026-22745",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e5f139d8-1f11-589a-af16-2f144c835fab",
      "id": "CVE-2026-41838",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:98cd2a89-07b7-50a3-aee2-2b6642144ca1",
      "id": "CVE-2026-41839",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bb4de2ba-1c0c-52ca-beb9-f64b9722e656",
      "id": "CVE-2026-41840",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-instrument. Reason: already_fixed \u2014 the target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of the CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:87295bf0-8f2a-5231-b4f1-e9f1aaebae69",
      "id": "CVE-2026-41841",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f17d54e2-8798-558a-a706-055df81670af",
      "id": "CVE-2026-41842",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6dd9a848-d719-5e37-a34a-33bbdbb98ec3",
      "id": "CVE-2026-41843",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b2afae76-3931-5f61-a571-f28a1cf9af38",
      "id": "CVE-2026-41844",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f2079bb5-8d88-5c6c-a41f-e5917bcba907",
      "id": "CVE-2026-41845",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bfa196f8-37a9-54d4-babe-aa81e13884b4",
      "id": "CVE-2026-41846",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:40085f62-b8ca-5c1d-b086-b219b62bf60b",
      "id": "CVE-2026-41847",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c9df5f0e-f9ef-52e5-9559-6747354cea18",
      "id": "CVE-2026-41848",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cb654951-da90-5f4a-ac29-345ec158afe0",
      "id": "CVE-2026-41849",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:41a8bc9c-8310-5678-a05c-1c65e2884497",
      "id": "CVE-2026-41850",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0856cf65-b57b-52bd-a19c-2e86ab21354e",
      "id": "CVE-2026-41851",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4f5d87a6-3f39-52e8-aecd-a349fbf27287",
      "id": "CVE-2026-41852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:39ed6ef2-7ae0-5e8b-ac0d-f4fa95c372ad",
      "id": "CVE-2026-41853",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2befa43c-bebc-52f6-856f-f698f2d14b00",
      "id": "CVE-2026-41855",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.6"
    }
  ]
}