{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:653242a1-f3d2-5453-af7e-cfeb4cb2200f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:abb2a1d2-9c57-579e-9e3b-349039200dbc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a0830c0-cf91-5ff5-9018-9e05adf8429e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ed9c0de-eb1e-56d2-8d74-61d65d0e7d53", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17606ce4-5227-52ca-aa0a-7018969df528", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9d35ffb-b03f-5528-9eed-29ddf392c94a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06a1453e-8274-55b6-ac18-efe804f0185c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c9f4bd6-1bf9-57c4-bd0a-bee5d07d1720", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f26d3121-5bce-51f0-af21-f883a4b07c7c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c20c416-58bd-52b3-a589-748c0d807801", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1593d89e-c5f5-53ee-bdad-4e322b9f1754", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5b20cfa-d523-5c0f-b76b-0baac1da4d86", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d5b97fd-9c07-579c-b3cb-21e02b2da35e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ebec346-258d-5c7a-bfe0-b3c2d94a12eb", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e263175-1457-5af7-a5fa-791f3d5da373", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41c283cd-c6c2-5a71-ae14-97849dcf46f8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5a39c61-4ea6-5d37-bee9-1be272bbc057", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b072d7c4-3bb9-5704-9a6c-a450a7f6e984", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7aa8048-b48e-5973-be82-09133f2746c2", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e794cbe-a622-58b5-a118-3bd87608ad57", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd64bb8c-d620-538f-8e9a-38365053e8fe", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4263405-a6af-5928-b395-68fb197358e0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69357b07-a5a7-5aa1-98d0-59a665ab5d5e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0e9beb7-c8de-56fa-a36b-92b162d0562c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:254b47b4-3921-505f-9871-6ce8eae18c5d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f86c27c6-f72b-5087-82aa-f829d08bb156", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f4610f7-b0cc-59e9-971c-a9bc0ddd6914", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1f4bfee-36c6-5dc1-8d13-2e32c0bf31e3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44f6675d-eb90-534c-bc51-e7438002490d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc736898-a9ba-5855-8436-b14ffb422377", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a11d6535-e862-527d-9c5d-82dff4451f03", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f34b714-067a-5eaa-9ab1-fa402c3642b4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2fe2c45-7618-5a8c-8ca4-fa01e66366de", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28f45338-696d-5a6a-87a7-b6aaf20af230", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a18defd5-a81a-5c40-93d1-ab926c4fefc4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98612f57-91a2-5ed0-9bfd-1e8174662e13", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab5e1c76-3ed1-524d-9849-ea6ee9a38dc0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.2" } ] }