{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1641714b-e562-53ae-943d-eea4110ccb2f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3cdcb173-a045-536d-afec-63e72ab0e405", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3782dee9-8b0d-556c-9beb-c51fa9c5ae16", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3960ea43-ca83-5f2d-be08-ac1b209d6ccc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cc2b9ceb-c93c-51ba-ac2e-48c7e0f51061", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c57e112-63ec-5797-9a23-db3f2708e6a5", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf8922bd-c2c1-56e3-858e-9497562a2da1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:faa1170a-e79f-561d-bff4-ef29a6eb2cbc", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f700fde3-0e74-5505-9dc9-046e8b1cf501", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b895c0e-c715-57bf-b161-bd44361172c8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9791261-559d-52a7-acb0-7e66b5645479", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0cc7d5be-69d2-507e-8a7e-fb2e5ad01842", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e0fa21e4-1df7-5aa3-9ef7-36bd5e1b2a62", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ab55159-f37d-5c18-bc90-0a710aa72ffc", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1600c0e-40d0-5988-879b-0cc1606c1a26", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a49bc35-0328-587e-bd5d-52678f385184", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97b5918f-ee98-5298-9f5a-abacc92a7b9d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c09d7540-be47-5197-8f64-b8389985eeb9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1ec5129f-0066-5e70-a6ea-a96c0bc2797d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b1af205-4269-5b09-bb1f-d7f3262a4a30", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9a42606f-8aec-5151-9d2f-156c4e57ff3c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ded8df01-58f7-5da0-a3fa-363dc28398f9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3df7430b-6019-55b6-ad25-f2dc90c80198", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5cee30a-b73b-5aad-a796-75731f9d4472", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e9040f0-e5a0-5094-810c-45bbf2c58834", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a113c67a-4b45-5395-850e-e2ef6c0642b8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4231cb83-d0f5-5746-abee-3b27e436c13d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64706be4-dddf-57c3-80ff-dd9828de188a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:856601cb-c924-5611-82b4-ba81eb1f47c4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7802e8f8-5cfa-5de7-89f9-c206f98c9dea", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2676a77d-0f4c-5f66-83d2-4d098b0b8790", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3e7c147-165f-5b5e-9237-e5b32ee34043", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d819823b-56f3-51f4-9eb6-90ed6305bc45", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b931f7b-b0d4-58ed-9ec7-4eabdf4831fc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03086e1b-160e-59ed-89f6-7a113fd94a16", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1a1998c-e250-5890-8ab6-756c480e6123", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9118c21f-dd8c-5603-a00c-cbcfe319e076", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49c5d379-b826-5845-8c1b-f95d0754296e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.4" } ] }