{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:810c8e53-f911-52dd-a3cd-61a303ccaf35", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:540d93ca-e24f-567d-b2b0-98d6af3df911", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97acd280-fe77-571b-805f-f1ec317323c9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d95e3033-a692-5f23-b003-a24966c61e56", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ff292c7-ec07-5be4-90d9-9381b2c57d58", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:457a5b59-6be2-5bbd-9651-77f20852fb27", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e38f0885-821b-58f1-8596-3fa251c416d2", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f060980-da2a-5fb5-82a0-81040e09cd34", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e27eb3ad-0fdf-5781-a33f-7265628a3b09", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90986654-9bfd-5ff5-aac6-1a0ff19eac63", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:471f966e-876d-5d45-b9cc-f844ce1f09a2", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d29dfffd-a557-5da0-a79e-223123c218a8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ee1b181-8171-5b91-8ab2-9328c243319d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1692642a-fb5f-5834-925b-50c756a8aa6a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4bfc801e-b707-5afb-b3b6-2c6d45d87486", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8c19e9b9-21db-5fde-bbaf-a2f59d246347", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6ffc807-5353-5141-a3ce-1296610742cf", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4341d9e8-c1c1-5034-ae0f-2454581865f2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33dc81ff-49de-56da-8ad1-462a34321858", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7907793b-8347-563f-a0de-a40fcd5cf0d0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2f3c5a4-ef1d-5fa7-84cd-9bdaae222587", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb1ab696-c03c-5cec-b028-d8012ce7421d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5a20ec0-e7f0-5eae-bcca-30405124cc0e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7731c9e5-499a-5c94-8b82-c19e214fb58b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abc5da25-3ba1-5355-8e46-62c004d45821", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:79ba4c81-a412-5778-ba3c-bdd626f476ba", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:109bc899-e656-5747-969a-bdc0937e6e96", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4edb3b7-4911-5461-812a-5626bf762cd6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:37bf7835-7e1f-55ad-8c5d-a8d7f4eef485", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90f6c523-951b-55f6-ab41-031e1b328e0d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e470b8f-5ed9-57f3-9c5e-0fabfdbdb66b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d785d800-66e7-5420-a662-3a35aaf4854d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9919a070-cf60-53ba-92bf-ff6b65606678", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8aa35692-d686-5ccb-b490-a8e486871a1d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66637cc0-e11a-592a-a080-7f25c8168895", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d25b53f-c042-563c-a292-51759e94b913", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e6d8d4f-82e0-5c40-b3b8-954f30dd20d8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57d63043-eaa4-5fbd-83e2-c2bb69f87d6f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.29-tuxcare.4" } ] }