{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6fcf61b4-588d-5d0a-885d-e3b22657d45d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:52b1f4bf-5b23-59db-a875-1e15c80fcb8f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17554ac8-d34c-5207-bac8-3106e7a88749", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e103ca6-ae3b-5b17-94d7-b091dc719486", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7b97d13e-b604-5271-8cb2-b91dcf134a61", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd290f94-2001-5919-a50b-b6d2a4294589", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:754639d1-633a-531b-80e7-b00d7803eda4", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:208913c8-cc05-558e-8a9f-807a5714638f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68a1b3c7-a812-5f49-a39f-a44d5a4075f5", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5fdcd3d4-39d9-59f3-834f-0a5ca3f42fe9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dab8d8c2-8c32-58cd-81fb-f5cb2cb129aa", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3d32858-dd24-532b-8e76-f7fbe12043c7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df285d55-6a66-5fa7-8b28-d3ae4ad46cf8", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1e24ab2-f269-5535-8d73-f60069e7e410", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c84cbf06-5dbe-5e55-b809-98594d1b9681", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c52baa6b-1362-5355-8bdd-cbe344636aa1", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ad67bcb-7625-58b4-b097-945b2a4fd6ad", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fdfbedc-5620-5053-aa50-b572f4f604e6", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2ab10e1-5d55-559c-873e-007422edb6a8", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f894bf7a-2f83-51ef-a9af-160511b95a5c", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a3a7d21-55f0-5fd4-9179-c64af4307aba", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9aede978-b93f-5e90-bfa0-5d5a0fd58fcd", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90c9788a-b616-5425-bf0b-9a636e05fc61", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-orm. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:88d81974-896e-5d98-ac2b-6c7cd398b661", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:037e972e-da6c-5f98-b61f-902987e72c84", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fdec6681-6a7f-5304-844d-3e039fec0fef", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ceb1603a-38ef-5832-b690-08c3823d55b9", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:82c34b16-e380-544f-ba10-46e20b6bbad0", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4ee5c25-1325-50a8-afb6-060e37dffae6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f48d890-6cd7-5d4a-9187-f86e4d81d3cf", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b92e8666-7b85-594f-b86b-c17be52789c1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ac36405-c57f-58c1-9e97-7aea2b2623ab", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fefb5721-9a76-54ff-99fb-82e8afea40ef", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:774c767e-6373-5f90-8e99-d5171a3a62f2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a6cae6f-50a9-5701-ad1d-639131749873", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67a8cbb7-3b8f-5a04-be48-bc6335d77e76", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aebf1b5c-4d7b-5a15-aabe-7f4e9d531f67", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.30-tuxcare.4" } ] }