{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b445cfe8-99cf-5040-addf-4e4d6c12352b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:95b629b9-b80e-51e9-9028-5d56a8c6c0ca", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b308f75e-f60d-5aa7-b00b-ce38a4ab0e8a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:88280a31-93f9-5f46-aff3-9b67007debfa", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1bdc5c32-702d-50a6-8c9e-bcce198d1fb8", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:55ab88d2-e5b4-554f-9192-934b27a2e6e2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5097a34d-6d34-5bc8-ad85-3cb1b8d020a3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:81f225f5-fe7b-5675-9b29-5ddfbe272497", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:05f0b898-a485-534a-9cb2-fa759276faf4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:45d2dd70-9f5b-5a48-b0a6-410f46a1eb2e", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bff24aeb-e9ce-5396-925b-90dc9c118f69", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6e3a722a-cfc2-5ca6-9f57-105da23f697c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:eb98cdcc-4640-5b33-a949-abf1a2a2779c", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e10f7551-5fc9-5a1e-8802-02ed765076a0", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ddb584a2-d179-5e65-9341-3cb3b14b8465", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3a8e067e-5d41-5bf3-90e2-fe6e35634451", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b95f160b-ea86-5620-945e-9bab6665f421", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e318ad96-cab0-531e-b715-962d5d5a8e39", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ba2003c5-3bfe-51f2-be11-0f88a784c763", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2d60b470-b33a-5785-9998-132a76e8be97", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:13b1e2bb-a1a9-5637-9567-fb883a27cbd8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3be65904-9b29-5183-a838-44c670260153", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:32f44938-69bd-53b6-bfa3-2e2fa8257ae1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:90518ec2-1b80-5c60-a5c6-d640fec96540", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:13c8c742-fd95-5ce8-aaf5-878d8c882dad", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1b75b43a-6be3-5552-b550-b977e66272a1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a39cf402-b14b-5762-8edf-713b306662c1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4aa6ec62-d106-5214-af86-e1a8c94021df", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cb24b6d1-aa92-5e98-a402-71a978b80aca", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c6095e8b-715f-573f-a3c9-9361168cb3f3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:08a0e522-e50e-5eed-ae42-d5b809ee9178", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cb6d6bb5-6956-5038-a114-0c320757a635", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:202fe27e-710b-53e1-9e8b-4b46bba39caa", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f875f6d0-d499-53f5-8467-27e98c244f71", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.37-tuxcare.7" } ] }