{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b83bbc45-f008-5802-8f25-74e9192a5c26", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f8020fdb-0092-5acb-9b1d-25f099dc79b4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:24aa7a77-23de-5c78-94b2-e04b1b1a90fe", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5f3c6f6d-8a26-5ebd-8930-0ac9c4d3aa27", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4210186f-dc18-530a-8a2f-6701e773dd12", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:71afa356-4ace-53b5-bfb0-831fe636386e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a33d8c06-c6e2-5857-ae53-a8e59985310c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:45cb95f9-8497-5a4d-bddc-04f9eeb1512d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ff6568ef-4430-5d76-ab2e-cac8ed0fa003", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f073caa9-b3cf-5a82-a245-620dcd68c1e6", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7bd85841-955b-5d2e-a3b9-d2239dec8856", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2afb4771-5c8f-5e44-a8a2-e125af3ecfe1", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:da5aab70-a1f2-544b-a53c-cd87cd2d8b48", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2a62af1a-d7cd-54d3-a75c-996516efcd16", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:74da703f-a548-5451-bcbd-2a69604493ba", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bcebb637-0ba7-50f0-ae61-e0cbeec1ae79", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b2bed6a6-a976-5251-bc41-e58266f44445", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:35a81deb-d56c-5272-9186-3b3a6eacfd01", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8ea0648d-59d1-5d9e-8203-6cc73bf4acd4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b0add2c2-c488-51bc-a872-c72546c992ac", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a3d2acc0-ecb1-5f2a-8756-e762296d512a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:70dac599-075f-56b6-bf8f-e41812f8fbc1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0ef80a13-cf3e-51b6-ad95-bf645282fa55", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c8e85b78-ec40-512c-968d-937cd2cd719f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8caae015-08bc-523f-ae6a-696c0886d3bd", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:354928b5-11da-5980-9e66-da6f76b1a17c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7f556b1b-eeb9-52e4-81ed-5416d4185c3d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cdcf6731-ae85-5d0b-8389-c6b45a97d571", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a29750f3-5f5d-5215-854f-8c43997741aa", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5d0cd0e6-a9f3-5e50-b894-84002c9cd81e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ba1d17db-d224-54dc-914a-d8c77282b60c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3f0e0e64-9c33-5281-b629-c31d536154cd", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e096839a-8280-5c97-8336-86012e360d4a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:576baaee-2d46-5b11-9339-6f5b5ee54b16", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.6" } ] }