{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:c7728304-e1de-5eef-8e50-7b8417922659",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5",
      "type": "library",
      "group": "org.springframework",
      "name": "spring",
      "version": "5.3.37-tuxcare.5",
      "purl": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:5f58f567-30a1-5db9-ba95-438c2ef23f65",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:66c570ee-b450-5acc-9fb6-8fa2379b81f8",
      "id": "CVE-2024-38808",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8aca0daf-1952-5c9b-ae98-a5a6be7dbf1a",
      "id": "CVE-2024-38809",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3392aa6e-23b8-5042-8e6f-4051ca8b59ed",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7d654515-d9ff-59c4-897d-74ac2ad3d2cd",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7fa48f9c-ffc5-5509-a902-22ecb52ae006",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:09b348d8-d1ba-5c05-8e0a-a037edf21c62",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d1f54315-da4c-5e96-b487-7c04425a1307",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bab8c22b-ecdf-5958-86c4-eb2df75abfca",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:40b0af1f-29e4-5d93-8ccf-d66c4c26b1ad",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9f98ebef-8996-5353-ae74-176e7aac42ad",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:415ee7aa-26ad-5b51-99f0-b61e7bce58ac",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9e9bfe62-1664-53bf-80c7-1ec605df3df9",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aa395613-6f5e-5580-bca3-6685e9143c6a",
      "id": "CVE-2026-22740",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:240cc74a-3982-5df7-a8ef-f5e704c0ff7c",
      "id": "CVE-2026-22741",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3edf4031-3295-5255-bd7a-233b6c7c4453",
      "id": "CVE-2026-22745",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d4558ad3-8f8e-584b-8d96-3d6547944c85",
      "id": "CVE-2026-41838",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:70041622-1c69-5dfc-b4b9-a38f7f789ad1",
      "id": "CVE-2026-41839",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3269ae86-c8d9-55d7-a0ad-474ce16d6031",
      "id": "CVE-2026-41840",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring. Already fixed: the target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of the CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7b6e379c-1116-534a-ae79-8c09a4c8aef7",
      "id": "CVE-2026-41841",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9d8287d0-0276-5103-ba12-e785f9c1ad74",
      "id": "CVE-2026-41842",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1b538b0f-d5df-52ad-ba9d-5b7402b3a7bd",
      "id": "CVE-2026-41843",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ac07a51d-1323-5884-975a-ebdb8efc633e",
      "id": "CVE-2026-41844",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a8aca17a-6c07-5078-aba9-7a55125ddc3b",
      "id": "CVE-2026-41845",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b5b4f313-f59b-53f4-a7bd-d587d642501d",
      "id": "CVE-2026-41846",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b8acde30-2390-5d88-ad44-0e0234a1453b",
      "id": "CVE-2026-41847",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bbf9ebe3-ee14-5aeb-898c-35fce81a8f98",
      "id": "CVE-2026-41848",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:81d53a8c-d9bf-5286-95b8-189ed90986d6",
      "id": "CVE-2026-41849",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6eb071fc-6bbc-5cc7-b6ad-df6410dc7e05",
      "id": "CVE-2026-41850",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:171ab3e6-e4bf-5207-9ae6-f9fe273cd065",
      "id": "CVE-2026-41851",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b9210f5d-45a2-563a-9daa-9d164d5e8ed8",
      "id": "CVE-2026-41852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6fed40b9-b813-5c28-9534-3dcb4e77550e",
      "id": "CVE-2026-41853",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d5385700-b6ab-5a19-9780-cc8b039c65dc",
      "id": "CVE-2026-41855",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.5"
    }
  ]
}