{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8dfed45e-6da8-5c4e-b5d3-164e9c2f0247", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e70a8e0e-4f9b-5599-9e97-1c77ce8a772a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfbe26b0-a8ee-5f5a-931a-7c2e227c53ee", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26caff40-2ef4-5892-b04e-f49c35a78c52", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6267a502-0a44-58f1-93b9-d69d77194cd0", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:921c1d6e-2ff5-5014-a6a0-2de6574dbc7c", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a473a3ca-aeef-54c1-b0df-f4dd6164db7b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4f9ce03-8529-58e6-9458-d7b45f590236", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f562d4ff-92c9-5406-9ceb-6096dbc8da92", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7b755a8-c152-523b-80f2-f7683e54c31c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7eadfd4e-6e68-5694-b591-1a4c89f1562f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98e6ea7d-909a-5e95-af28-1109d1f8b9b4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d645222-3e88-5db5-b762-ae5264bec8dc", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:becf17a7-b8ec-53f7-a100-496fc083b540", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:619add94-1974-5e32-a583-f4c1e0fa5733", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9bf81ad-cb82-5dd9-8f19-ccbfb61ea9e2", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4b7156e-4622-5f4d-90dd-8de23647da10", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:719c6b39-5e61-5c95-a42e-14b0b1f68962", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59d91dba-498b-5aae-b930-00848221a93f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbba3a46-41e2-55c4-ba9a-abe8eed7cbe0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd86500c-0480-5d91-a7e1-71d3db4d9a2b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:592b935d-84d9-5fc5-ad55-7eb43759fc84", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1ab292d-44bd-518a-8da9-db749bf9c0ec", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fae5b272-7680-594d-87a6-b490f37f5ff3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:831220ad-577d-57d5-95ff-cfa03ad8b419", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a9181c0-55cc-5a9f-a41f-8903fdfe565e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cbc9ec61-45f0-5c5e-a29a-e1cf5b681a80", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d1d53db-47d2-53a1-9891-17d0e5f5b168", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:865578cd-7678-5e0f-b0fb-00100f026dce", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8203390b-979b-51c0-887c-ec938a26f079", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34919f97-aa02-5101-84c1-9c4301570133", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62209f63-e99d-5347-a9ea-6721bb1bcb1f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3603ab88-6c9d-50de-bdec-ff00fece2997", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4384563c-590c-5f37-aa74-d0e63d201cb3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3cc791a-74e0-59d7-879f-f54241613a70", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92e9b32d-3805-5de1-a308-1b93b7305f64", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b345c3a5-8087-5f1d-a18f-bb4e2374f1ac", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7614c852-ca56-5150-8015-a290f212cdff", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.2" } ] }