{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a0a07d81-9c85-5413-ab89-b26d0e674ac8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:12a03e2c-334c-5deb-a2ff-1a0e877b5a58", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cc75fae3-1882-56ee-9bd2-bf6a4bb1de33", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4aa945f4-bc29-5a0f-8a51-6d4bd5d7ef1c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0cd1540c-905f-5c25-982f-25b513879cc5", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3cc90d95-c895-5f41-b644-efef5f1fad88", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afb70a96-e50b-5466-970d-d1d98aa7fb16", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e3a93d0-1908-567f-aa9b-5cf02286f044", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb82c126-c3bc-5956-b390-a9c4a48b57f1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4cb89f5a-5125-5b7f-96b5-aa4c464537c2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b6d5ac2-d417-505d-8ab0-20e20da10800", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec779019-f871-5966-a310-e3f44634f076", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78502683-d9df-5947-a6b5-4e5f25a347ac", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9530c72-e98b-56a3-8bab-55bdfe35e93e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7e22564-2d09-5d48-9d58-888fc3896cf2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08d6f435-a99d-5e7c-ba5b-9a7fb4870e33", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6fe025a-56ac-5973-a9c6-609839ce3b39", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40ff8897-8cbb-521c-bfad-6bf94a704c55", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f127e48e-c36b-58a7-aa1b-c5d3aa556d72", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1718abcc-5a65-59d4-85be-fb03173a1de4", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc6312ec-6218-5669-af3b-5e161dfd90a9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fae215ed-cccc-5f0a-a27c-804aa2c5ffc8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7b0e9a51-d3ec-5e1f-951c-a4a898d2fce3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-web. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:baadba36-480e-5fb2-bae7-f5c9aa3cf926", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c287629b-41fb-580b-b2fc-be5034722603", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69ec85ec-01e9-5827-bfee-1f7d8b76d984", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67485170-9410-55c7-a01b-3b895b046084", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e6131c4-99d8-51bf-93ef-6fb8cc1ea982", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d45e1ff-bfec-5a89-80a5-2c5fe673b9d2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1378d147-ea7a-5a86-844f-1d355976c6f8", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:074a0548-1fbe-5793-97f2-b2c306757f2a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25129699-dc8d-5fe9-8a0e-2be69ececf44", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16bc2a47-6a59-59e8-88a2-f381a44a59e2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:429476a4-a708-59f8-abad-f276a1b53518", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4bf021b-9088-5bdc-8cae-fef0db7d6aa7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c9f47a1-7b25-5e02-b089-d6e8a464e884", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2583ddd5-d38b-53b2-a931-a2ab5fd43e18", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.30-tuxcare.4" } ] }