{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:160f08a8-049b-5430-be0d-eead8b4e619f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ff2a707e-2eb7-5850-9587-fab54aa0431c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2844204-6d97-57cf-bdaf-df00a3192a58", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bdbecc6c-4a7a-59c7-b0c1-aa13c6701ff0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d30de09d-b568-5239-b5ce-4f20c824da14", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7aff3d60-d9d0-52ed-93a5-9ee19f904612", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5614ca82-72ee-531b-8632-b94c55e2b8c4", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9b99b89-b8ce-55a5-a3c3-6c0064d30906", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e6e41cdb-257c-5632-a015-f185027fd5ea", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a52a4d69-61f8-5148-be74-ac766cd73a20", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65e874b5-6799-53b4-a342-69158f740662", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56c3121f-5e57-5617-8e3e-8ba4c8a024f7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:087263c1-ede1-5789-a40c-105c7cafff46", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc3f6724-e2db-5942-927c-a05cc9c48b12", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46644a0b-27fa-53e0-88b0-b383c8431370", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed319309-1088-5b3d-8cd8-fad2eb37625e", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b2c8441-f3ab-5514-95ac-9a139a5a61b9", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d525cb2b-6f93-5256-8d48-87eee2e85179", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc5fb2a2-37b8-5c0e-a3eb-bd365ba06984", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9fe4b40-a8bf-5b9e-971e-39fa4d20b87d", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b22d14a8-588e-5af1-889a-8a952b521484", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:39b72095-dab3-5d14-a42e-890ff3df2203", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc453056-87fb-568b-8a8c-b15be0c2eb58", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-web. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86d8d007-cb01-5e91-9e00-254e601a4094", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bd7c77d-4c6c-56a1-92c2-0a4fff6998c1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc0cc01f-938c-5cfb-b9b9-52b09700dd95", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:087bcaf1-bf3d-5b62-abda-e12851e602b3", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e2e003ca-10ed-5174-a403-f8c4c95b6d85", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84cdc947-ba6a-59be-a0d5-4192c13a24eb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e2e02c8-3b03-55d2-832a-05747022f994", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e87b70d5-ec06-53fa-bd07-fc266e447d94", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76826965-ab27-56ee-88ee-a5bda878be50", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b61da105-2d31-5826-9192-db3d889ca516", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e293673-9109-5411-880f-47665fcadac7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bda557e8-b36f-55a5-9018-a5d1f4173bab", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6915eaca-feb7-5eed-a761-741f690f534e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f30dc40-8a03-523c-b1e7-29913b222fbb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.3" } ] }