{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2bb73339-895d-5b67-a26b-2372e49d5f41", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:60e5ceb0-e11e-52a0-aadd-791e152fd9ca", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47f68117-73b4-5dc7-b454-e925eab4305f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:539430c7-4ee5-56f9-b518-fb2cb6b37b07", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32ec3eee-c93b-5360-a977-400ff495b82d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07252126-9ad5-5bae-ad7e-d97a11d2c453", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db19e7b4-81f7-5562-8953-686e592f6197", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f14c090-4597-5d24-a2e8-168f8c438600", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5aaa1b68-a732-5763-86b7-cf770db8119a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8c4cac4-d1dc-57b1-9153-8aae7de75bd7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f828de63-685c-5a6f-bc98-78cb6e5a98c8", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77082b31-b9b9-5fb3-97c4-e50799cc5019", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd134ef2-7dbd-50ba-a1d8-5209a5bd94a0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1b0ddc6-f562-5d36-b763-24c25e3e5a23", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6357b87-bf96-5d0b-876f-27947028ccff", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06ac483d-f26d-5ad0-bdde-0b78c9174c44", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75ec480d-2d0b-5afb-a719-7c9fe575a04b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc4ad018-e13d-5e46-b492-dd2216bba7e3", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b2dab16-426d-593f-97a1-50d4ee76fd20", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47f70136-ab47-5a75-962c-923d0ba3a5bf", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:505c7ac8-cb9a-50bc-a93a-22655b01f567", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:694a065d-5add-518c-a7aa-b8354850efbb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0206249-23fa-51ff-bc50-7f2beb89188b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f8baaa8-309d-502b-a449-f0a0a6587a26", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c508eba7-9da9-5daf-ae0b-cf4a6e16db4f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6a41210-ab79-54e7-a938-198dc34b2ed1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:482ea4ed-19e2-5a70-b7df-8b583725b825", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c09ccaa5-94ce-5241-983e-5495793d7d50", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75786178-ad33-5e43-97d2-2c2aec5bd0b6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2984daf7-795f-537e-80e1-467e7b0ea366", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2fffa6a-87aa-5564-818c-cadd304f6ea3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d96ee9fc-448a-575c-bc4f-3ca6103ed345", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30dfb744-50d3-5679-970b-254b371ec7bc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:005f9ab7-de8f-5b6f-ae14-e940b00a1668", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cb46c71-f284-57d5-a954-20c67273438c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:840f88e8-ad6a-56ff-9188-de1ad8484690", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6fd5169-c61d-543b-b79d-f626a24baa8c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.2" } ] }