{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:085aba0e-38b7-50e0-b78e-60a3ca5e65d4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cd4010de-d676-59ef-b731-a28d40b48ee6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c63239b4-9476-5074-ab4c-f4f338b450fc", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:490ee71c-6e03-52ee-a238-c7fdf22fc224", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ef21256-84a0-55ff-8e37-8fc7c93db3b3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85db8121-9b64-5b2b-96b8-4657eecdfee4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d59b3cba-bf25-5afa-8c07-09c5623f0d2f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd614cab-2005-5228-a907-0a1e8c656c22", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aed3d829-b726-5bf9-b617-135960fe500f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e04dbf31-0734-50f5-9f1b-4b455478ddbb", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:faf1ec4b-1554-5b2a-bff3-4f9cbd135a06", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db37c54d-0cf8-52db-8f75-7326a4081362", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08d38428-7aaf-5cd9-ba39-4a2f7f32b8c4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16e03d1b-0750-5396-a8c9-597e43c08323", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4fcbec3-ce1e-5cbc-b851-71696394424f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:697f3a76-89e8-5f3d-bc45-56b88961fb1e", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d72c2e9-43f1-593b-a6a6-dbbfc39bb561", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02db7cc8-8e7e-5965-a98e-7d28ca3e17c9", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abe9f20f-b8c3-5922-af3c-7a4362231e37", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99c7cf48-2a37-5cd3-9489-dea319717521", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc92856d-e525-55dc-b0bf-9472609bba32", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c24bb5a-e886-55a0-9a1b-a7689a4ffdea", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43f51ce6-0899-5e14-8059-a2e301e8bd10", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c44ad498-67c8-5681-877f-57005c30eb53", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a465b993-6b24-5c6b-8ba4-5b87e6b25d0f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d08cbcf2-355f-5d32-83dc-6ccf291bc261", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2792edb-b460-5360-a264-48869e08d05a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f523b7ec-7685-5aea-8a07-d74350ad1f07", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee6f6dd8-8bed-557d-9c63-278b1d4a6b4c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c86af48d-dd78-5b52-980e-bd54bcae6ebc", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:002e1474-4cad-51c5-868b-7d4d04076811", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b16e331-c995-51b5-aef8-f85d388e441a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29dea6e2-4d1e-506a-a3c8-60ae5dbc0b31", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3966e3e-1233-5d5e-a8fa-2fdec07ac57a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5edc1fb-97b9-5d7c-9634-569652742217", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de2be8e3-9966-5bd2-8671-03345d78652b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ac4dfe0-19de-5115-a842-ab6c126461de", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.30-tuxcare.3" } ] }