{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5c5cbbfb-e58c-5b68-8d10-c30cf69f91f6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d8bcdd2f-c770-5ec7-add6-19e16df1aab3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3d8de1c-49cc-57a0-b8a8-9e1aff9bbc7c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:babd24a6-565e-5bf9-b5f5-43d0d8008245", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c352fda-4e73-5c2f-a4a0-42a065a584f1", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a005314f-6158-50ec-bfb8-81faf9bd6022", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b75b4d6b-e6e3-5e9e-9deb-4ae45bb422b5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e363be20-87a3-5243-95a1-436a2a5b3122", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c58c1650-0a20-5df6-a9be-5e7a190511ef", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a4f186d-4ab7-5c52-bc92-bf4099213a1a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:87367deb-dbaf-5c31-bf12-8b028799ee41", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26df2a97-f5ef-5f5c-82d8-33269a9372a0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:269729fe-16b9-5f61-9bae-9783b4b44e83", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09c1fa60-1611-56c0-84f9-14150d2a0e5b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29fa8842-a15a-54a5-a59c-7ff5e2f280bb", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b562cfc1-9772-5766-8abf-cec1a92e2a49", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c4ce725-7f1d-5e71-8961-d44eb3d337fb", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:095d75fb-601b-5ab2-9be2-55666803b0eb", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a4a3df3-6416-5ed1-9bb0-acbfff4375a1", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38aa038f-5ece-5015-9f27-5ef7d3ece329", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f69f7f2-549b-5552-a5c8-1ff1089f99c2", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a0e076b-ee4b-57b3-a632-9858e65f492f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd2c4780-0e12-50f4-bdae-4f393978e9eb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:701f8964-f308-5c55-bdd0-a0661bf37486", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09df75ec-412f-56ea-8dda-611e9a5999cb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4df8554c-cda1-5d73-93be-200e375d9618", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cbeb9683-b055-5262-a147-66807738ccf3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b752214-c758-58b3-ad09-af7aa7306684", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0164b864-f57a-591f-bb75-055149688362", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8273338c-18ac-5943-9d89-54d5534bc503", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0750d5c0-d118-5691-aef8-ef897a5c323c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e4b6893-3ead-51ae-a2be-7ae484763689", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e927e898-7bca-5aca-bb1d-95689e0fb19f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f39ced5e-0813-58b1-9fbd-dc61455ceec6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b29285c3-c1b9-5fd3-9fbb-164d2f2eb352", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5defe4cd-e014-5a3e-858e-917d29d8be37", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43f2db06-aadf-53d6-ab96-1523a4a885e7", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f1793441-6e76-5c3e-809a-c50b3b90c1ee", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.3" } ] }