{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:57f87788-69c9-50c3-a791-f1b4178b339b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cfb80aef-c95e-5c45-b1b7-05308490aaf4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:530b1728-9468-5622-8114-4110bc47a9ed", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:702a86dd-50ad-5717-b4e3-cc73240a4bfb", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2417e528-4cd2-5ffb-afe3-551a87c169e2", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b24b3eb-160e-5262-a630-bbbad5b83be0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f49dd800-e61c-5c5a-aaf9-d79eca2ecbfd", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55d2b1a5-bfe9-5c11-9e3d-1fd491828808", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57951239-4d20-51c1-afbf-cd902b6f1a98", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b0f90b8-5a6a-571b-8466-38911ed1bc8a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:477d2a77-7148-5164-b95c-be009526183e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6c3b44f-00ca-55a4-9379-a18b16074831", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8e6a9cf-664c-52f1-9597-e2740a8952f8", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebf43081-8323-5c45-b5ca-79423fb74d98", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4103e6ba-fe92-5a79-8aa4-5a612c6a6a09", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48329041-15f6-5d81-8944-5ceac757ac50", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15a49645-d2ec-59f9-9af3-8d10ab17a580", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1548ad2-7307-5ad3-ac27-60332f5c9b8b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82c90cb1-85e6-5b9b-9a38-1c044cca913d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d68bbf2-5dc2-5538-b155-50e472bd640e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bc5240c-400e-54fc-bcea-f2271f63a694", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42b7e150-a942-53f5-8e68-071b6f6cac1c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2deab0e4-6f5e-570f-98c7-c558c54989de", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5cc2d168-5598-5c27-ab00-ac2791e44f69", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e7b32b4-21e4-5ddd-bd4d-a8351bd6ee46", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ac51dcd-03fe-5f38-87e1-ed2511598c67", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:233e6952-951c-5be8-965b-d1e49af5a47f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:684895cb-42c1-57d0-93d2-9abf0251e999", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34aebcde-a581-58f6-a8c6-ef87ffdbc23a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c1cb461-563c-57cb-83cb-4cdbbef346fe", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40e1f472-aa79-59d0-a1cb-598346a895db", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:839106e4-492b-53c7-a9ee-394a49dfc634", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf3e6b75-49ea-5224-987e-39a2e88247ad", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc289b99-9384-5deb-ab2b-8b5e833c84f6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7317d220-558a-5812-b582-7f01b3583804", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5763faad-af89-5faa-94fc-e2ceb0c90592", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea706973-17d5-5882-a466-f339b491da15", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6a3a2a5-a142-5375-9ef5-9a06c1065dd3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.2" } ] }