{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f999e493-50fb-5533-a8f9-612cdd87bedd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:05dc7c43-e471-532c-b400-a2a8d439a7a6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f74cb8cd-5f33-5630-957a-eeb0d8598960", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abd6b078-79d9-5372-a237-f06e0dd9afbc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c007fff-5feb-5ae1-aa97-8f6eb44530ff", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aeaacc32-12a7-5832-83ba-859389f498dd", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ecf1bb9a-5a0b-5b18-84dc-5800c4bf654e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bdffe619-f506-5626-a790-bd4945d8ec9c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d63886bf-f9f3-582c-8a54-596890d65d5c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e26af9ef-aa19-5a22-bd75-9a898ff605c3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0041623-19a6-5ace-8280-ff0687cc3452", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6030c3ae-e3bd-519c-b529-7f60121da122", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7515e905-3306-544f-b05f-b6b2b929db01", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37aeaf16-7838-51b0-9dc0-e45d3a673de3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ec56c19-ece6-5be2-9c33-02113abde9e5", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1dc6c35-6e66-5945-b24f-00b00aa3b6b6", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e4575ef-06db-5570-a6e6-627d818b9ce1", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5473d2b6-944f-56b6-abbc-522cf10d6a95", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d8f0cae0-db11-511c-8a19-91ca14db09f7", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9dc1273-74ff-5ee2-8fad-24c0e3d0ecc4", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f3687bfd-92aa-5c2f-849b-ffec92c8290d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d79a54c-bb8f-56a9-b820-0560bc459192", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79dd0c7c-6f4f-58f9-bf96-34a1f10f5d25", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea352ca5-65db-5999-b89a-8ad22be6a901", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc76031b-7fa3-5e61-afc7-64031780ffb9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abedfe39-11dc-5fb1-9ba6-648e955200a9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:091e6bbf-0dd8-50dc-bbf6-4fa56becfa8c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:feac0870-6c9c-57ba-a412-83915ad6e9f4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:783d56ff-eadd-5871-b5b7-6304ab2a6fb8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:706bf381-aa3e-5a74-8127-109327fc60b7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:094a6ea3-ee3e-5112-b0cc-1ab3e19a4b8f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5772071a-98fd-5730-9367-93dec3165c8b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d97a359-7fc1-557f-9ac1-a8124483bf82", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5609544e-7087-55e7-861e-d9d80f7d9515", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f44ea8a7-0bed-5b71-99f0-fc3434b82eca", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d031eef-f226-596c-821a-8278a433c397", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96efb600-3462-5594-86f4-056df702c1d9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.3" } ] }