{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b5435a2f-be34-5e4c-b0df-cf0368f0027e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "3.1.1.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:400ff205-271e-5165-955e-dad2d6efb59c", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:162c96f7-799a-5534-b774-dce956b282e6", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:248298ee-7197-5992-8cc0-ee0f63baae86", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd0201a1-d2fe-5ce8-813e-a7568acbfa2f", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8d87b2f-22de-5471-b45e-a254b6ac1d9c", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fa70726-6aab-5d4d-8cb8-8a0e549d6b3e", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bf9a93e-f057-5996-af9e-b2c71c2addfd", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c64f014-edf2-589d-9f1d-d89c4a7b0f21", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e50be3d3-d3a9-5445-80c7-be2561552160", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ecb804e-36f0-5c2c-97f4-c50992d2d69e", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fea23c2-356a-5a4a-8c55-95999dac4028", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ef20184-a0a1-5ee6-8ba2-a88ae61e7ee7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a4ce9a0-d185-58a3-ae18-ca11ffe7ca8f", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0aa3133-4569-56e8-a8e1-5db1a09518d4", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:653a4bbb-6f95-558d-839a-0e940118c694", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c17c51f6-b675-5d0d-a9d9-d4cd01e4c735", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-aop 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43d0e6a7-fbc6-58d6-92a7-139409d213cd", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-aop 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a51b320-f532-5c08-b9a3-aaa63cd9784b", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-aop 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cdc034a-8612-5656-b71e-d9078455d4cc", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:670e99ef-77b9-5307-b5e7-67b436636b43", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8887c3ec-0cc6-5c07-880d-44ea04d314ed", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c14d8a3-3bf3-5a4b-a507-14ba6bd58209", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6d6d6c7-cc98-5115-85ad-1835ae1dd8f0", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b1a8705-6db9-5a59-b964-32e6ce97b46f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a5292ba-d415-5939-8f42-127b149d9202", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52c21d79-dbd5-5245-9608-f81303e83f5f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de6a4853-cc34-523d-a1ba-b5ba9cd3e4a3", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb2e4ec1-ba89-518f-a421-b3f87f6b2215", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12402e4c-0d59-5439-bb21-b9d0f4b82a67", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d66018b1-8612-55c1-9619-b72b6d304ca3", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b012e5b2-fbaf-5699-86b1-e0d4162118b9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab568f65-8429-51d4-9f79-feb9341c5cfa", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9118ec31-2f86-5a7e-9821-7a67acad9bdd", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6fb6cb8-e991-536d-8f1b-c5591a69307f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1af43178-b0da-595d-9418-47496adea5ed", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7a53632-25d4-570a-ba19-77f5a5a06ad1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1be6ccae-eadb-5dd2-b266-2eb5f9638aec", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:589ec079-ec5d-526c-8a02-5e5b4855d1f7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5fc39ee6-7d5d-5f4c-ae84-9f84c651245e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae277b53-edd5-5e17-871b-e16e69da429d", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-aop 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c629e5d8-4c69-502d-a3f7-49d4978790a9", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90bbb9e6-0a90-5e2d-8d33-8f0572c78086", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a74d5814-221d-58cf-aef1-a6464c267363", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2391b299-13b9-59ab-abc8-61fc8983a0f7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24e16b34-260c-50d4-9268-accffe1b62ac", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56ad9bff-18bc-5011-b217-1f83e70bfa11", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd637131-34a9-5d3c-a7d6-1014288836c2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce649151-1185-5269-9f22-1af59c5a8c45", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f6a4cc7-5b16-54ca-b383-c24d027522fc", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c2d64e8-9cb7-586c-9d01-572bc0877e7e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5bfbeef4-03f9-5b0b-baf5-fa928621b0c0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2ee26fc-e252-52e1-874e-8aadb93a2802", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:684661a6-18ce-515f-b03c-54c6226ca407", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4faf03fd-dfca-57e3-ad81-d229313d08f5", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:137f3774-512c-520d-bf8e-c91a7217f00b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d608bbd-d6ba-5515-9d07-e471abcd5a49", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@3.1.1.RELEASE-tuxcare.1" } ] }