{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:72916473-e937-5002-9703-21d031f8f6fb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b47af427-17b8-54c5-a16e-e11ab3d99e79", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f4735a48-89a5-519b-8ef5-b86868b6b2b2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7ed437bd-938a-5ecb-ad53-8eb002e83e1c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:db04b7fe-a7d1-5c78-9a49-81e54a0d65a6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1c0120a5-1dad-5301-89cd-ee9ee7c4f0a7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0daa133b-e024-52fd-af00-592cddf27622", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:62910cc7-f37e-5228-82bd-c06f12807153", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:11bb58b6-92c8-572b-8c88-3f283a13be8c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cd34c95d-a1e2-50ee-93e5-0456e92439c9", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7e350b00-64c3-571e-aa7a-961b170ab01d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fc77c221-7b26-5f0b-b6f3-9c5917fcbd55", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8d0e2daa-4e85-5115-bac0-2074f00cddba", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:45fb593c-84dd-54b0-9342-9e88af63aa21", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b004661f-ed5d-5ad3-a892-17d63590f7d8", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:46455077-90a0-5b69-be2d-11f12947af27", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dc2cba5f-25ec-56b6-ac85-2cbe7395f007", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:18df74b2-1b69-59c2-b552-c656474ac342", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d0190846-f18c-5209-98da-8d953e4861e7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:902325e5-c20a-51fa-b09c-15af55fdb4d1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2bfb313f-8f11-5b75-acc1-26bd73b2a9f4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e36ad682-55c7-53bd-b4b8-7b048e899f44", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5fb027d4-582b-5e5c-a6d1-f87c25b03516", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8070780b-c6fd-547f-8085-3b8c0004b2eb", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dcbe1c8d-51bf-573f-b434-486085d337ba", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5e5ea031-33b1-564e-b558-e6fc2a90517b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:786d333b-94d2-5458-aa62-200464680b90", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:25270174-82fd-560e-9bcb-83aa31f62225", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:083b41f4-bf69-5b3b-8ab5-3e2f9f64c817", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3b1def06-0071-5a75-bbb9-3e2d4ef0a19c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5c7fd672-dbaf-532b-9104-9c9555d5ad73", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6c87262e-6562-53e8-8d3a-7de8e7438440", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ca1cddbe-226c-568d-abcf-d0b75f536b57", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:91ff7384-8f42-5c62-8d5a-62beeb796c26", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.7" } ] }