{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4e079bcc-d790-52ac-8c41-c29ab636dfbc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e343eeb5-ab1f-54a4-ac82-4c2b9b81e6a5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c7ed2bc9-be7e-51ab-b8ea-65cb474195b2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bf22d571-072b-5389-8296-f34e2ba52af4", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c67bb2fd-d269-5119-8cf9-8a19148fafd4", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:242b8d2e-5db1-5a2f-b8a6-265790e8c1f1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:604278f8-ffb7-5cfa-bd07-f6938c56d97d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:de19de59-492f-58b8-bac4-66fef217c323", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:92871ab5-082c-5113-8eff-91d57773436e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:19d9b4bb-7ba1-543a-8ab2-b2fd00df7e26", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1165a432-36a6-5fbe-82f5-4639f16b2bc2", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:14d58cc7-a5bd-53b6-b748-cd0e3b581a19", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4a26657d-9b87-5560-a221-ff0e61fe3edd", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3ea33a00-596e-59e3-b19a-da8608d65f26", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cffada73-a350-5bbe-918f-62ee60aa5455", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:221d1ff1-332a-58b5-962c-905295954c69", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4c07e5af-2170-5804-9396-b6cc5765cb5b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7ee69cfd-d358-5e5c-a329-e3ff3fef56a0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0ca5c093-48b9-58d6-9653-85fdf7057f87", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e3139ddd-e1c2-5ecb-92aa-0e04287acca1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fd0ee003-5c2c-50b5-a9dd-72b46903c170", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3f6465b5-1683-5561-b470-1d83d54e168c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:30daf169-f44c-5c0e-99b8-fc961bd60b16", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:047dd11f-3316-5280-b761-e6f90697186d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1b2277bc-a6c4-574c-bb9c-e1b8d20cdefb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:16117893-0f1e-58b0-a27b-4e054aec3b13", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f8f05314-9b32-5374-9c60-e67d7ac116ce", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a3c34c89-fcff-5315-9edd-90cb49830f07", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:df3745cf-1bb9-56eb-b1d5-ba668c9d9340", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:efd53cd3-1ef8-5fde-b2e9-28e6de1b1165", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:52b62603-df1a-59b1-b839-14d39c5d776c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ff641e54-928a-55ca-86db-956c678ba143", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:27586798-ab05-522e-a87c-c13a75c96039", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5a3cb5b9-1fd1-5b22-a0e3-9ee1fc68cef7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.6" } ] }