{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a0f59e57-f103-54e5-b0a6-5d3fa2accaa5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b7ef0994-078e-5bd9-9e54-d89c0089b744", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8dd07da7-2f59-58b2-9628-c745f5c5466c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:faaca0ca-6fe1-588d-9ac6-7ae2d0c03ca5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:248779d6-43e9-59e3-aa1f-4d6e6713b117", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:54076a6e-8a9f-59d8-a570-5b4825473118", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1758ed6c-e264-561f-b6a3-66b00468673a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f6d09815-2e9a-5343-81b5-feb4fe6f1ce9", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:69e2070a-b9c8-53f6-be86-dca8ae36e280", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:33341e8b-e055-5f78-9abf-89372b8731be", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ee3739af-68df-508b-a019-637959295ac4", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fee22fdd-239d-5179-b561-5b846c5d1727", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:62708422-bef9-532a-b5f9-0a5a09d47f22", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:787c7d8b-d2d1-527e-a7ba-ee6bf2122073", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:55ec3204-1d4e-5fc5-98ac-0ea3ca46c00b", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cc17a1d5-e9fe-528f-be56-b2be63e68062", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4e052599-8c9a-5706-becc-bb1a0ef7f558", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d1eadf10-8640-5dc7-9e05-e2e7c55c19bb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1e4519a3-8ac5-5771-849a-78fb821560d7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:746a202e-7bb7-5e0e-8b25-c640a07e833e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2a935bc4-d24d-53d0-8f74-7594d406f343", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:18ce8f21-3019-531f-b0df-5b6e203a73b6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d200fb9e-fa62-5118-89e0-6a1cbcb944ba", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b6be7ed6-3952-525c-8ed1-1f3d76e6569b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bf582a9e-7fcf-53c3-bdd3-6e489035fb04", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7428f5dc-7a32-50e9-ae99-585871d7e6ed", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4a9064bd-d7cb-5292-87b4-a0592786c237", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3e05afae-d739-54ef-91d6-7da7cd17e9dd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1fdabc08-fa55-55af-9ce4-889eb57845b8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:75e1ae8c-f27b-521b-94e6-1f86b656d1df", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:20398ceb-1a8a-5d2e-a02d-e99ed4d48111", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4955c7a3-b47f-58dd-9b5d-c4ed2ea94c60", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c1cf239b-2687-51d0-8e6b-0615a326cd73", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1d5dc334-39af-5b4e-af65-1989ab4a7548", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.6" } ] }