{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:61c075db-8feb-5454-85f7-b35c95cc05ec", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:88cbd158-6cd5-51b5-95f1-5dcde486d2d3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f90f5e62-0823-52c3-9497-f13fdf902843", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c96c242-3f50-56c3-a50e-2e17dff626a1", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d4a5ce73-ba0b-5829-9369-a30f9c9cbf27", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:80a0298e-b611-5104-97a8-7423de70c124", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2f465ce-0bb4-5a2b-9d91-750c6d69fa6b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76872e7e-970e-59c1-a0be-d970a05c29ff", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2cb74d0e-0f31-5e75-8247-f9df06e73fec", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98307b01-055c-539e-9273-95f4f92a84f1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38e838e6-c1f1-5857-aec0-e82bd2f3d59c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c8934fe6-6450-5477-b28a-3958099ceff1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ada36801-d15b-5502-938f-181e970add21", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7280ecda-3a90-5389-97fa-ced1e7cac5db", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1646f260-ddea-5aa0-8aaf-e5c6d1ae45bc", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd09f5b0-96ec-56d0-b844-7952191f5045", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:00bbe021-1568-5b59-b4e6-83272d3f0d33", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de914f63-9680-5ac1-99e1-77c9fbaf8e1c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:940a247b-58d5-5e56-a801-800580c1f078", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d524a2f2-2a63-5eb7-afe6-3e37e447be06", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca6060a2-938a-56c9-a748-84878aadbd1a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:75810216-2c22-5a95-8743-029185738e61", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3171fcd6-ed50-5ab4-9fa9-224a7330d6fd", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-oxm. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4557c427-490f-5e90-9723-08dffc561a8b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ecc42f3b-f28f-5d36-a05f-ca29980790fc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1f310495-28f5-53c1-8982-d52529469d21", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2a15e2b-4e93-57d3-94f2-edbdb21fc2da", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:da5c80f4-cf1c-59aa-b000-bd39c6f85de1", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9130a005-1339-5229-8f7b-b3fd6a904c02", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:144f35d7-50a3-5042-a1df-614ad7ceea6c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e70a4d0-27f5-5918-9c64-2e1c9d9344dc", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec977efa-f1a3-5a50-a963-520763d4a7e4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9be48831-c93f-589f-ada9-481591b1c3a7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f22ff88-d061-54cf-a915-13f183fcb538", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1ddb3781-c1d9-56a2-9a21-fd32c59675ec", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f2da4c9-5dee-5970-a023-38e2348b561c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bcd78152-342a-55d6-a54a-e352bd8f83f4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.30-tuxcare.4" } ] }