{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8da60b76-6e75-538a-a9dc-aaa47be98ca8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bcd45be5-f0ba-5c79-bc5b-36a4c7ec3889", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26f295c1-715d-5bb0-b82a-e2e4f2bea8f8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ffb4628c-8822-5db9-a8c6-076c1b1dd119", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08ad7b00-0346-5c9c-ad11-3715ffca487e", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9451f616-7ab8-51f9-9a72-15128eef414b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd2dd347-d90f-5c91-8b65-39a61db0a8eb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f919729-ecdf-5876-b7eb-9f50d1bef699", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5188645c-6a94-59b7-8536-198634857459", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02e147c1-0d18-55de-9ed9-c3f7d896b5b3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5f2333f-53b5-5b09-89d2-bbfdb649d979", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93da2a2e-9577-5fb0-9bd9-2464667f50b0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7fa9563e-ab2f-5999-af9b-5668e2b5ae38", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e426edc-d457-5ffa-9cdd-6cbc3f766393", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:79c7b07c-9296-5fa3-b1db-2f2728ce7516", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c821de7d-df2c-5d1b-8488-d4b084983e64", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7a11f65-36fc-52f1-b38d-b73b0ef2eef4", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7c70c27-8fef-5691-b36d-acc0ec8add77", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9159c469-d769-55c2-b6f1-ba1f278e0537", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c24d3db-d432-50a0-829f-b9c0237a8362", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64316c76-a2b9-5779-9a7e-fd7b1bebda1f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2636104c-71cb-576e-98c6-f3678f59112f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1033c453-105e-5ce3-a3a9-b9ae023ea428", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f624328-6d74-55e1-a4ca-278859df8eee", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e87f2a16-4745-51fa-96be-1ec6095a66c1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:494eb054-d505-5a52-8770-c594305f0b92", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6492e35-a4c2-58a3-8d5f-338a24953db0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:96c1b5fd-ead1-5d2d-8f69-430fb250ae2d", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4c3641a2-fb74-5e70-88fd-40a4d97ea8f1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8654724-c3d9-5977-b0ff-aa31cb019ee4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e94c0d3-d455-5731-805b-2356d77e94bf", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f48af272-10c5-5a5e-a83f-167abc9b3641", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7b7a126e-5886-51ee-a6e6-9e8990cf69ff", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3edab23-11c0-54a8-92e1-f1888a82af68", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbc3e644-bce6-5dea-a43f-c7b8da8bc366", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:37b8d063-3d79-5d55-ab48-84608fc3e4db", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ecc446e-21a9-5058-8a94-d8acdd2c619a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.30-tuxcare.4" } ] }