{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cf5f965a-068a-56b7-a497-2ac738f18682", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9edb166c-e729-54ab-b9e0-4f34c7bafec0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:55489a76-3dd5-5681-a6b4-2a6c21bc9be9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9deda630-f007-5d8f-8262-216159e4a48f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:543bee06-b754-576e-93ba-89b361882e93", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9982a7a8-630a-5e25-aebb-d1e4458bb062", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8b538dc4-98fb-5057-a508-e53e710ea689", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ff385905-6ca3-590b-9884-e6fb816f31e1", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2ae4eda8-902a-5e6d-850a-a04425d75706", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fa1974f3-a1de-5106-94fd-6e48d659b243", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b7ece36b-7d75-5083-b83a-ec13dd159cd8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5e871700-338f-57ee-8880-2c618e03a5a4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:85879447-2c4b-52c0-ab31-d0c81e2f8f90", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fca4ed06-92ae-5715-8cfb-0421ed5504ac", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:04bccc98-9c50-56b6-868e-c8b1a14d08a2", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bad6eafc-0c2e-5521-b6a6-e0e755708936", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7c963ec2-37bb-5c71-85dc-fb68925899dc", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6d5fe2b1-5026-5fec-846e-d4399601e351", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f8ce5c33-4bcb-510d-a8ce-e34a4e25ecc0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fc72d16f-d1e4-5439-8cb7-f4e966384836", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3da81496-2b18-5976-8e4c-91bba464d4b6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:08f690f7-17aa-5911-a1b6-6b1b81d8bea4", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a731de4a-781b-5681-9ba7-5f00a97352d3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5cef8829-1c1e-52c3-8ce1-fd8e754c016d", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:459770c5-fe97-56a5-9bed-0ae698a273a0", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4817430d-f0b2-5dc4-a5c1-54cac8dcce3d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5e9d936b-ca0c-5add-9751-fdb39524856d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c3b632aa-6493-51dd-a108-d6296660bbd9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d5e0f84a-d4a1-5d6e-a6da-21a5f86f9d29", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6b6b8102-ef77-5306-9e18-085b87d1e367", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:53af8f4c-4c9a-5c00-95e8-74f795df06a8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4f1f6a94-5bad-515c-a387-da49808160aa", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b421ea58-6421-509d-a428-78996a92117e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e7750ab8-d343-5ebe-a9bf-15b9e50aa13c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.7" } ] }