{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aa3990da-395c-5a13-b884-96f4475319c0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:058468e4-a8f5-5eff-b5d9-c2786bb15a48", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:260240cc-d5b1-5e47-94d0-abd2c8aec0e1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c19c8ced-4b91-5eb8-9505-4adf2f2e9b92", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5492ea0e-1a59-5020-89ef-2ee4856eb46e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e13a7282-7731-5e15-9d54-c3e6bffd3f70", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3f98fcff-19ca-5d30-bea3-3b235e371a1e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:94f67a3d-169d-58a2-8724-ca71293575cd", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9477a259-17ad-54ac-9c6e-cd78c4b5c977", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a33a45c0-fb5f-5e46-be4a-7b0ad084b737", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e73c711b-0e50-5a78-8419-f200244e0751", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:964e83ce-e321-54d6-9eeb-6e1a6631af42", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a5ddea3f-4313-5b99-a510-862a76190e1d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8e9fa8c5-f23b-5102-8cbc-b3938a538413", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:050abadf-ff7c-5a86-a4b0-fda16190836d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ad8767a8-7dce-5397-8ef0-d3a545aaf366", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3f406f24-f228-58c5-bca5-49dc7134897e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:30190198-2eac-5d31-a132-32e8bdc9980b", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e0d72894-647e-52ba-bcee-5a1631ced7e0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:da0fd130-0bcf-5423-9eb4-48ddf254aaaf", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c5551f1e-559f-53b6-add3-3575cea7bc96", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fdb80a87-0504-5deb-8245-04400f5b7e15", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f65b684d-8413-5fdc-8fac-4eb309c27714", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:51c1cb03-13a2-5690-a0f3-ec473b612f82", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:362494a3-712a-539a-b4f2-1328b57429d1", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f011db2d-6f54-544a-ae7b-833f6f62ca78", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:eab98f65-6c5b-5070-af12-44d7531fdfbe", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3e13b3b8-e4ac-59d6-bad0-8983748e0316", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d5ae21a3-35a9-5120-963d-5ba4a68bdff7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fe4b949b-ec83-58cd-ab5c-5ca9ac07d29f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c68c8349-aafc-542e-a094-ed527043e515", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b4ebd9fc-1343-55ed-9d1d-7214e41c72b7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f8b81af6-e33c-5d02-adb9-cfb58d788680", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6e1e1a5f-330c-5d65-99e7-00fc7e88e402", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.37-tuxcare.7" } ] }