{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:11a8b71d-bd3b-5543-a4c2-b95aa897654a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:442f9e11-6137-597b-94aa-642ae0037530", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:159735c9-864f-5f38-b43d-a9b7dc0fa234", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4bf7452b-dc3f-52ac-88d6-3cf5045f8b2f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c53e3d08-c8ba-5f90-8949-69d273cc3e2c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d9c6f118-f192-5c19-ba6d-c79f0325c32a", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:24869809-2321-5857-a8b0-64ffeb88ead4", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:adf6a629-7b34-57bf-81fe-0fc0960e0933", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4a97d7c1-0a93-59ad-931e-6576619a7bca", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f271af90-e538-5721-b410-147392b3e9f7", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0d274fef-d6e4-5839-a47c-56c18b9e0781", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c25938d-74de-5abb-a43d-2c928dac50fc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da75cb69-b36e-5d86-a61a-0d3c253920d3", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:83f7ba01-0f37-576f-a1a4-a70f8800e0c7", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:728b459f-3074-5fe2-bdb9-31cbfaf08896", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ab1e0d45-d459-56cf-a043-9af99d0e8794", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ab51b067-916b-58e7-bed2-06cc8a6a1f73", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5549363e-7bc1-536d-8906-c96a3d0aa92d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d5fb595-2e3a-5771-8c3a-ead90313c92c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f79cc571-9628-5ba8-87cd-085661119285", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0a0235c4-83fb-55e9-8802-309152dde7dc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9c52b106-5ae0-505b-92f3-65e2295c8726", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b61d13c-bbe6-56af-8932-4395f798c01c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ad88de73-bae4-5286-bca1-ccf8ca469625", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b7149af-181a-50b6-b973-6098167c14ad", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:409c5ddb-1ca6-5355-b934-19a3db64273b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:52da81e7-3165-5f3b-bc4b-407fb44f72bf", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b39e25a-7fdf-5e9e-acff-464a9cb9ddca", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7d7d9ce-13cc-585a-96ba-34fce98f9b37", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1bfbba73-b509-548d-aba2-572fff66df99", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3aeeec95-ba3d-53e9-9e5c-476dd67676b2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8544492f-dff0-5d4d-8449-4650c135a9e4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:12473ed8-6b46-5384-bc8f-0925cd6f3186", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:23a9499d-176e-52af-a2ab-0286e3be36de", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.37-tuxcare.5" } ] }