{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ff8a6c42-f654-5381-8aa4-e1feea46ba85", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6fbd1c22-69d4-52a1-b562-f720283205ee", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0f1605e-35f1-568f-b53c-8dba2f6d8587", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b93eb673-78ae-55c7-9297-1892c8bb88d7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bb2bee2-5950-5c53-94e5-713a6c1440ed", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58aa3558-fcf3-570b-92eb-a372d04ec788", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8575101c-1298-5ea3-aab9-47129039f994", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:179e8b9e-6a11-579f-8383-f8bec8bf65f2", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ebe0127-d216-5eb9-b21e-74fd074b48cd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7de38728-3177-5381-ab06-8f7f90ef9bb1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:182b9bd3-c9eb-5ff5-a426-b474eb1c6267", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a657f39-aaaf-52d9-b913-c5dfbc64d2b0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ce09fed-1336-5a71-857b-b37558c076c2", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64575683-6c06-57e8-9055-bbea82602bf2", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c693db70-5d43-5e8b-99f1-9fd2db595cc6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3646c8e5-4ca7-5110-ba27-efadf1e320b0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce1b3450-4a82-535d-8763-63cbfb94beab", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63787904-b6ca-5045-997d-631aa9a9cdbd", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cafd48e-493f-548b-a280-9d042a5f82b4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:220b63a7-7d5e-5186-b786-21a860484a2a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a54981cc-48f3-50f9-a609-581fd32f1abe", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:631e985b-32ac-5f86-9b2a-db16aa854130", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:979e46c1-1b7a-569c-a534-65b40f0d2a77", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-orm. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae5f1bca-c0b9-5a33-94a3-a0afc3a1492d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6f3e7be-7416-5981-a1ea-8d9eb2c099d6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8339adfd-30cd-5728-ba41-9517906775bf", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b9b7007-5924-55dd-9c83-dbbb06f7bd30", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55b7a175-620d-5cb1-996d-921ca76ab6b3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90e5b088-94ae-5d57-b4ba-333e20a0a3d3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92001a26-0898-57e2-b433-de78c1c4723d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:872bdeb3-1a16-571d-861d-8e883e923149", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6b1ffb8-f5c2-5d17-99d7-474d65636ad5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72930ca2-e2de-54b1-9311-c513b0c4247e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a995ada7-656d-575e-9c8d-551e3429d6aa", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28a687e3-b964-594d-b994-ecf93af660a9", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2930686e-53ff-5f3a-a395-f615120843c1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2fa73e40-79c2-5a03-8832-8d6fcdb4707f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.2" } ] }