{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8e4ed0bf-0684-5e40-bf25-5b4cffb3d92f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1a80edfb-1615-559b-9ed9-caa21faf9c5e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b21c516a-1521-518f-ae80-12125219e521", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8901798-c12f-5a1e-95d9-936a0047caa3", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90de8829-068a-57da-87ce-c305b5aecde6", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6127d35-de6c-5b94-b05f-526cb3e7b534", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:410d1ca6-b017-555f-abce-aa4cdf1b0cc1", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:166e9c44-3471-5d89-9c25-c6244af3004c", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0a91098-fc98-5455-a6b0-6b03503aed36", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ccad565-8e83-5150-b4bd-0bb8ed58d13b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3179f2c-fe22-5eb0-9ad7-56c36b5adf69", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00893645-dfd0-577a-ab2f-ef0b930ef53d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a20170e-3232-5c95-bd09-8ba8d6e4a6f5", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb378a66-283a-5da1-84c6-3ea33744f8fb", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0491a40-fb47-5408-a5d0-005a75e8005a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04d0a17f-aa18-594e-8681-b0a7fde1352f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdac2648-c851-5859-b68f-9b518919c11d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d9ca61e-7e19-5285-bb44-8d5105913155", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa0756e2-7596-55de-ab52-240ac39d38bb", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:564b83a5-633d-5761-96d2-f4542f2ca912", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a58e82b1-c0dc-5806-9591-d91f7a549862", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a09f0aa5-b594-5a56-be5a-57856088099a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2610ae19-6a06-5b7f-bcf8-af848b02184f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1db9a326-832a-571b-a866-d184bbabc197", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cebd19ae-4d94-52a4-b576-814ec7798cc6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e324c720-eec2-5b17-a531-bdd7e4f6cfef", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:354a1b2a-bd6b-5c45-94db-4e7f55bf4d63", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54f211e8-f680-56ce-9ecd-7daec4f22596", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5840869b-6b48-5e9a-87d3-dc5e373fd5f6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29a8a29f-27fc-545e-9880-bf8d328274cf", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7ea2847-b848-54f7-9b43-c33392a09da9", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df372799-8a86-5abe-adf9-a2add5c216f2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7754590f-f7ee-5678-98ea-cc2a5822b8ce", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d0debd4-6861-58e4-8318-db5348547926", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54d179a5-ef05-5ee7-a555-e82149a0e23f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf6f1b29-b05c-5c33-8010-de6c81d07a3d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:657b96a6-54ad-57bf-b4ed-8092dd5bdd5f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c781992-62ca-56ba-ba99-89961b8a9407", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.1" } ] }