{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8cf18694-2849-57b3-b0c7-7e8d7c2abbce", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e8b3c21f-0372-55d7-9d6a-0511210e1a7f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ea9a6ffe-dce1-59c6-aefc-6bc3336adecd", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:29d89293-197b-58ad-ab81-c117ed234d47", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e20b2fa8-c8dc-5c69-8243-e2c252866419", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6fd72396-c4a1-5dca-8689-91c04e82cc75", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ae3df960-07df-53d0-940f-25bea47f4363", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4ddae55d-1dd8-5792-af05-9b9ea9f57dfa", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:94d157bb-b715-5240-bbb5-35246227479d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5fc57d90-6481-5c27-9a7f-44205f9e4139", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:58741482-3cfd-5be1-a3c3-0c8cb34b0565", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ceb3bbcb-f464-57fe-adb9-d35a80fcec0c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1d5f8899-09fb-5866-90fb-b8ff76497505", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:63f7517b-f0dd-55df-8e43-952dd7c93faf", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:68905c54-006a-54f4-bd74-b01f5a9dbd61", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:32dd721d-75b4-55a8-9889-468df0403c6e", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:873e790d-39d6-589b-85bd-8bf9dcaf7a0e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dab69100-ab90-5418-a350-c9e0b233ef3c", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a4794f94-246e-5681-b3b2-e72b5cd6f3db", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3cad50df-1bbc-51dd-a650-ebdca049bd31", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-instrument. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8095363b-b448-524d-8e85-75978f403b87", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:67e06563-7259-5c9b-b665-8c2a14a9b069", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b8ce92f1-3241-5c75-af73-7a2db7b9cadc", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ba61a824-55f0-5a18-a10c-00a104011ecb", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8dbea872-17bb-538a-b197-605e6dbe9cc3", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9d5c0cc6-52e6-5bfa-a672-8aee9e66fd71", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6823d6d1-63eb-5b6a-bd66-30f08c118bdf", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:554bf773-03ec-5687-b41c-79749e6ae472", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e1b3bcfd-5219-5628-b63f-41f2d8518b5b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7b0546d2-8cb7-5488-8191-651bb67c54ad", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4dbace4f-5ab9-5a84-a826-21262fcd58f8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:30f02f1f-3b7e-51cc-a579-c98d868d20c4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4b8b458b-6ce0-5fa1-be76-63aab248df90", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:def1fa46-b2c2-5ce0-90b4-ff1d65a71c4c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.7" } ] }