{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:eb9eb8a4-911d-5dbe-9282-3a794a04af38", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:18b8ee60-e707-5e62-ad1b-86ffc3c1c4b0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:686d16ea-72d1-58ec-9b74-344837d3ab29", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e3112b13-80ea-5ff1-9158-5d5877b74cfe", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b86635c3-75d1-52c7-9c1f-c377a9d974be", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:85081978-c6a7-506b-b8ee-eee407f8c5a9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3bf0fcb2-1cbc-50fe-8442-ecc2b87c80c2", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2bd1518e-5b88-515e-ac4c-567121a97c05", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b88df49a-57eb-5e41-a158-4b5c48e84cad", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b53028de-da7e-51b8-843b-73f6d4a13785", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f2e23983-3045-5e65-b30a-3e4cb4aa762a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fe3ea7b9-e783-581b-880f-03151f3b9a5a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:20dae278-24ec-5ad5-aa95-551598efad44", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:65a6d324-3c06-5a0d-bdbd-7907090cebd4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c8d0749-8e6e-5e23-891e-e26b86ab0a23", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5aa7d71c-91f8-54e7-919c-52917dc29e72", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e1c774fc-3e8d-5b8a-96d4-c73908ec450d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:535ca16f-15c4-57ca-b080-de5113778de5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fac97804-3793-53b9-9eb3-76aa1a817623", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c7994649-c343-59ab-a092-3a8984bcdbf2", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c11c9815-035b-5a67-b9a2-c3f7668f0178", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:af78ee62-a0cb-5dcd-91e8-789b982b5d33", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:94ce4ddf-0bb1-531f-b1ce-98d6968b35e1", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1e52a1e9-2b03-5b0b-b4f7-3ccd09aed375", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a7686c2b-fc71-5e6c-8e03-ab8721d97fc9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:98d59e12-4c01-5b59-a768-4b2c2a749a78", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36da09b5-52d5-5aac-b574-f4bdf03c6e0d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:171a178a-33d4-5cff-8993-05eae9499ce1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ff54b1f-25c0-5f5e-af53-bb5fdf8f0159", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e0af6120-2c88-55e1-94b9-e26a5f507a0e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ede8a04b-8143-5e49-8202-7775438f7b8e", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:edf98694-b9b3-55eb-a7f0-cc5cde6eee39", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:45bfb84c-a503-5d69-9d61-ec7eaa210568", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e709060d-f966-5e71-8f4d-a0105b6ef17a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b35b2d8d-1cf6-53cd-8532-11ec7c59786f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ea39ec72-823d-5aca-bd5b-00bb1aea9254", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a60d8840-4b1f-53cd-a783-724ee970847a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dc0aea57-8e38-51e5-b439-97b9441cfe28", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.27-tuxcare.5" } ] }