{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2d52cf44-0b7a-5419-bfad-535173e06dbf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e57960ad-8256-5992-aa82-7ea3472601c0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b17b8a9-27ac-59c8-b7b1-685c17b31682", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:436af3e7-d83b-59b8-b38a-6e4a5e99ceb6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc4edc19-84cd-59f2-9084-e122dd3e46c6", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c18a129-a9a9-540f-b994-0381da756992", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a20d68f-f656-5579-a643-ed5b45577c6e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae17df3a-8a5e-5f16-a491-6c598991f9f6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c955bf8-8deb-5567-82e8-75820da7d29d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2eddaabf-f565-53ce-8070-18231d00778f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cac19756-3c55-5929-8a36-0d6ba3fba41f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b46faa55-6f74-536d-ac90-9221efc42f6e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:610801e0-85a6-5496-9cce-78819d8ebb18", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d597afb6-b339-5e5c-bdb5-7b1116f27ea1", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5fe7817-3387-5700-928a-94c3e860653d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3bb682b1-0f8b-5c29-8276-1d13609f3f68", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe4b44aa-289e-5b68-961a-c76d350b0cff", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f0c889a-136a-5c60-8381-d5ef9008331e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3983b0d1-60d7-5e7c-8b77-79517f882712", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:69c5c5ea-deef-5231-a1db-6bc1b8ecb43e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc6ff79d-5111-51ca-816a-c132b18cdc8f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:daaca3cf-dad4-5b71-9ea4-24870dca9f11", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d2d92c7-5c59-5617-8ec5-9554b23546d7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3733d05-5a19-5d14-b2c6-65339a06b229", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85f9d7ad-793e-5182-9eeb-942b724d0ab5", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0483ec57-c8c6-5522-a126-082ac916e3cb", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ca39bb0-e6cc-5e4f-8a8c-34e48bc6fc80", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:941b5446-f505-5cc8-994a-eab8e812438e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0109809-ab73-597c-a75b-57d025a4b671", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41ce2498-24b9-541c-b74c-825bee13e918", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e27bfbe-1a6f-5e02-806a-18610d9fc19c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31f8b476-1b4e-59bb-a1bf-522996fcacc6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3bcad017-38fa-5403-832c-87b3cd1967f4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd4228f8-6bd8-53e0-843a-7a17869371e1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cba5e9ed-aaea-5160-b84c-19c1f7e2bbcc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:679cf085-92d4-5b32-b052-ca40e724b219", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51e9cff4-0aa3-5181-8366-60a3cfee4a19", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d192081-4138-5343-9040-1923bc9020de", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31-tuxcare.3" } ] }