{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fd4c31d0-b046-5a08-881a-8194c8526d84", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f52f7558-bccd-57eb-9df9-faf05abc0d72", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c4d6a435-6c81-595c-96d8-f9ca0633296e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2fc92fc4-19cc-5a3e-a0f2-4958f61ee449", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6b1ef7ac-1bf9-5046-b2c2-d5645e0a88cd", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:93fb1b46-5d0c-5b7e-ad1f-2d2d2cf5e506", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:db5ee1c9-667e-5e4a-ad5d-17391daeca37", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d2fbb347-f879-545c-bb3a-8fab6cbd0860", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:24e3c5b3-55f4-525a-8848-e8969d481cc2", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7c62ff05-7ea7-53d9-a545-d23f282aea7a", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ba34ff24-000c-595b-b8a0-6ff60211fb59", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2909c5f2-da60-5bbe-99b5-57cc283ed749", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3097d9a5-99be-5a34-b862-04270fc6494b", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:32e9ecbd-fec8-5789-aee5-3fd859acc04a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3d3d6348-9afb-5def-9f07-1bf72a6b2bdf", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ccc1361f-5c06-5f98-9913-67eac04edd2c", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6af913fb-d9b7-521c-889d-68c43ddf8127", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:487d3caf-c0c5-5305-88ae-fac80fbc1064", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7e279048-cd2c-51f1-a18c-a07052aba5c1", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4f36850d-d1bb-56fe-8984-0dc8eaf7298b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2e752f3b-b237-53ac-93c3-f6e23516fc6a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:004a0c70-abf5-57c2-8a7f-6e975efe72e3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cf24a2be-c31d-5144-a350-985ee9b007ec", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:49360a21-144d-5cd9-a7e0-6356bde46cd7", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9330a591-ba83-5204-bcf3-1a822cd89c38", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:03926da8-a705-5262-a676-fbeca1f65152", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6788a8b3-a2a5-5e39-b8f1-715c8f7e4900", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:508dfbe0-510e-57cf-87f1-163413219e86", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9c6c1b63-bce5-56c4-b1b6-b78f970ff85e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fd33fa04-f5f9-5567-8bb5-1d572f3d2dfb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7025be4f-6208-529c-8cc3-b0d58e377aad", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ad1086b8-3579-5347-a5ce-d1599ea6cd91", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4892e6c1-9850-52f5-af85-c2163ba03367", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:516ac0dd-e28f-5ffb-bb74-ceb91647f1ee", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.7" } ] }