{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:12e5e510-28dc-5d54-87d9-59538e420735", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:53bcc44c-ed74-5b36-a470-8702424566bd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3cdc912d-98bc-531a-89cb-85f952188b52", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2696c61f-c714-59c0-a201-4b6bfdebf692", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28475f17-12a3-53cf-b753-8741f3c5d2fe", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5414fa40-e1de-5e34-b111-f5a23e5a2b8a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:116d2a2e-3b32-52f1-98d5-5a63a7ca1361", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:080ed6a6-3451-528c-8b0b-f9eaec7044db", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e81a145-582a-541d-9477-b819ca6ae6f5", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b7338ba-7b06-57a4-b2fc-2bfc1c746cf2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:adaff530-c930-5714-a6d5-4b0a840506dc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd57a8af-9b9e-5009-972d-5ff57e4c08fe", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bdd0b0fb-deba-5f51-bdc1-457d8981f9b6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e152484b-5d77-5421-956f-5f30ca76bb8c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02c4d98f-177a-5777-aa1e-2e8900ba4819", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea4bf78c-39b6-5c67-8a41-8ff0fd57e0e2", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d63e9375-e654-517d-a975-767669e19299", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ca54e34-003a-5648-8ebe-ed6cde3a2b5c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9c51ff1-188c-58d9-ab03-7f30ac6abc23", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6abbf1f7-d392-5cd3-84c7-6217fd82f679", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:060087c2-c7d1-5bbe-8f4b-fbe7cb5a8a03", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78ba53ad-0efb-5996-9b83-5a4d49505528", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36ddc236-d670-5721-81fa-1766af31102d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-orm. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70ebfc88-2c1a-5fd5-a421-72faa8de5cad", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed8dfe00-369d-56a4-918a-98f99a45cfb3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5e17610-5d7d-5d9f-9ad4-071dce2f2cb8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b8e9772-c12f-53c9-b090-5b7050e2d9b5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:743d0501-9715-5429-a3d9-aab7a2b8a489", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d1a297f4-36fc-50d3-890b-ff3ca32ac032", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1fb93653-c88e-522e-844f-93747b4a1a1f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:585717cb-d6bf-5706-8fe7-29f6a75cde04", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fcf57bca-e74c-51db-a2cc-28af28c65655", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67f081ff-3717-5cd3-aa27-23ae83f5313f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:58653528-43e8-59d7-a3e1-64f6a20ae912", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:329ad5bc-1427-52f7-8efe-c6329a3596f0", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fc4b7bd-a550-5e2c-aeee-7288dea590b4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f021a1b-c3a0-5391-8062-aef4b12ee1f2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.3" } ] }