{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bf3ee5c4-6146-5ce6-a1a4-43fe02d4b620", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d1c453f4-b377-5cea-b113-72d5a8d880e8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fcfa350-f5cd-5cb9-b62d-2768e00be2c2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7ee1df4-d164-54f8-82aa-fbdfce4b0f61", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d4073fe-2839-557d-b3a5-44e4a90b316c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94d49e0f-1e68-553d-98f2-be8af19fee1b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f8e7bf6-83e8-57e9-946a-9e8665e77c3d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff760529-09fa-5fe7-92f6-f732207760a1", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d78f1a8d-21c4-55cc-983a-a3994a5963b1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3d4a556-48d6-5c79-abc2-9e36bf01540c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d252c91-cd5d-5fdf-8201-17b445173c44", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd5ef10e-acc5-50f2-9d2f-dc2f2a09a53f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f2dda94-68af-5d64-9366-4648e96da547", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43c93692-7287-50e3-9053-d69f3cb9aa57", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf4291f0-e7d6-5085-8734-65a3ed781781", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:637613fd-75f2-504a-914e-b34a032c41a4", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea2b9ce2-446d-5ccd-90af-e59b1473ee71", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15849ec7-1fbd-5593-8f27-95e681f0bbab", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c8fe5b6-99f9-5895-9e8d-e9f65940c50c", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb777182-f663-5545-be4a-c4103671ef20", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99126f28-3e6d-5fa7-923b-10b4637f2dfc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81b5cd6c-68ed-5fb1-be5e-808ea9b402ce", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b71c6de-fe2e-5e20-b977-27b286f61474", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-oxm. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78b4d5b7-9661-5ae4-96d4-b95f3e427885", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48e8a7f7-7013-547e-90c3-2f8c2ac8344f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4cc03585-e10e-50de-8e6c-32cb5eded90b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:094536a3-28e0-5fbd-a83b-d43d975adc5e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e80b34e0-c561-5fac-9a1d-b8a5f695df10", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a959cd0-6a0c-5fb3-99a9-762235d190b2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0dda7bc0-1022-5b13-904f-e084effd291e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b54fef05-cf00-5130-a5f8-20fd966bf685", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b78419ee-c8e9-546e-8008-b6a727d9dd6a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:124490b4-5189-59e0-b281-2635572bc808", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73822be8-2501-5e5f-9fb9-349681ff9369", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a6095bc-848b-56d3-8ac9-dfbe88a91323", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:548ac81c-73d7-5186-a7f7-9efc6f46f6a8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44f05832-f4ed-51af-b361-d1ef90e91e50", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.3" } ] }