{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0f348528-aebd-5f2e-808d-ef265ada02b2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4f38811b-2dd4-561d-bbfa-7c86976f5d78", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3448371a-60a6-5af0-be40-059509e4dd55", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:102fd790-9cbf-5988-92fa-ba9c7b6db638", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ec52351a-5b8d-5f15-808d-c60586c5f6d3", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9eaed0bb-2b3b-5ccb-a711-213c6b483727", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e22767d-f37c-5dcd-8124-bf66806cfc77", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:489789d1-7bed-56a8-b6e7-8bed7f43a2f0", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:896f20c7-9466-570d-8db8-08de748bdda3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f2600e3-b148-54f8-ad12-8506c9f540f0", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cd9d6012-51a9-5549-bc00-a6fd2e038966", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b2334427-888a-5dc4-a226-9ca6f65c4058", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e449ed16-0c98-54d5-b2bb-21a3256cbb1a", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:73c2c634-3e3a-5a3e-ad77-f1fd5f2a1c48", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f968a02c-a575-5291-80a6-649c3b27f02a", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71ff54e6-3fd6-566a-8f88-5463a15ed264", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ff30134d-e4b6-5258-82c2-4a56e9199609", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b86cf9b-3a2c-50bf-a7c6-8db4adbfa561", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:57c39c37-f7b9-5a7f-b0e5-c19ae5a506f3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4235c53b-4ef5-57fc-aa8b-82bd2457349e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ad9b8f3-2dcd-5d05-a468-38824aa648bf", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:41abdc57-22ea-5221-b9fc-11003dc42e07", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:713aa3cf-3f5f-57ba-8eb3-617ecf59be80", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9b4262d6-82ba-5b3d-8dff-9210a6601023", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:45802028-a184-527e-ac7d-a8a69a07add8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c5d7fe23-eb44-5d74-a4d4-597bfd86e019", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0de4a7d7-246a-57d7-a6d0-544316c7d4b8", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:49006101-97b9-5219-aad0-b4d5e2d64c82", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7f1b38b6-b187-5410-9144-c457b228443b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e0db86a-acd5-51de-adc3-86e52f2512e7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5872f8ce-e911-539b-ba2a-47d86ba810ee", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:51606629-cbdc-549d-b7ce-dd7eca15314c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:46a23803-f2b1-5099-b846-4117c0e69586", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:75e71cd8-31f4-5cd1-9068-02f0ab19cd58", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }