{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b2ac1f79-d4a9-5a84-81a3-7a7b7c93ed00", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:935ef09d-dd6c-59bc-9009-22a762cef5b1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:250540e5-c347-5292-be1f-b673b2e4ac47", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c7a723c4-a8a7-5296-8240-ea81f0061f70", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:32d62606-0a24-57e6-b8e2-44c8f804f5c3", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8b8ba985-0c5f-538c-85c3-8c239c2b118c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b021e70a-3b2d-552d-85f9-23a61b4deccc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a5279652-d989-51be-9fec-538893c7ebd0", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a97b5026-504a-5e6b-a8ae-e557fbf50bc4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:47a281a0-feb8-5bed-b827-3300e53aaca6", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:664974ee-d641-5db0-b702-c71988b37a79", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b08d4b04-cf68-5037-8aba-d67c80acc6b9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1f2d2a83-7977-5a47-b672-afe96d299eda", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f8a06bc2-e552-520b-bedb-9d30cbf2933c", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cf541f41-f60f-53ee-b318-7972e09084da", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f1d44a8b-e642-5608-92fc-59673a4fb978", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c29b01ae-9ceb-58b1-960c-5561e641f7de", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:48d49ca6-5fd6-5cd1-8089-203aba3448ac", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ff9e5a37-5912-5fe4-9499-83d619f40689", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:598379bc-bcbd-5d50-8ff4-2392694c1e2d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7f13ccad-1864-5c2d-ac96-4c6c8cc0fa07", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ba2a0a5a-6a0e-5743-bdd0-aa53ac425aca", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:250bfff8-8038-51aa-a9a2-589dd446bb53", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:de787afe-5868-5c8e-bba1-428adc535a72", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6e7a7e0f-d2eb-55b4-84e2-74c3f1dc78f0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f391a798-333e-5c83-bfd9-31405841394c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:99a97629-614e-5d29-bb6b-219bda562ddd", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ab2adfb5-5fa9-5b50-ad5e-601d4d626f01", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:20654a03-76be-5000-b56f-a4c4057dbeba", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:452dbdb0-41e4-5a4c-916d-a27553d80f40", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8aa4bf9a-bf50-5b43-915f-1c4e89350c2a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2c448f30-f418-5e29-88bd-e8b949697a34", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bdf29e6e-4f9e-517e-8ef2-fafef68b1908", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e1a66f25-3ee9-55af-b8a2-c772ddcb009c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.6" } ] }