{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8cfdd60e-aa6e-56b0-bd8c-58ed1e92cc0b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ebc75bf2-3dff-5455-b46e-d9ceded756b9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:001c5af8-a4cf-58aa-94e7-1a1a9890dd44", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3f13201e-a6f8-5624-945e-00c1fb89f2e6", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9d2d39f9-cb80-53d9-bbc1-dfa9281031fe", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9da8ac9c-e02c-5445-b5d9-05a240c68cc0", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fa8d09a0-a0d9-5feb-bca4-bfcbc13e64d0", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:27170dc1-413e-59b6-8467-94cd161d7cef", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fd8d583c-c7e6-5325-9c89-fbbda34fbfdb", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ca7476e5-93a9-5a98-ba85-9ca6eaa2a3d5", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:79a89979-4d32-5d95-bd09-7f23fc0816e6", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:294b2217-a7a2-562b-b9ba-420637098072", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:180b23ab-4f93-5c19-8fdb-06e07e94879b", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:43f39609-c9bb-5494-aec5-08b0c3ccfdbf", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e4ea8f0d-5b6a-5341-9e61-aef6717a85e4", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:72add0b7-225a-5148-ad5a-ae0aaba4cd1b", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:284a6fd4-0573-5bf1-a83c-08bb96c917f6", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2af0c1f7-c3cb-5c76-9a85-c5778698c7df", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9f545c94-bf6b-5c66-a47d-294762a7d9ab", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:db741715-6aef-57cb-abd6-63156f82e420", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:cb5d785d-09e7-544a-94aa-86a6cac55df0", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:505b8e3d-9a85-5bc5-8083-78349cf447dc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5c69671f-9a93-534e-bc8a-5ea2732ac463", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3cebfc67-199e-5d46-9dc8-fa724b198cf0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:42ac172c-33e2-5b1f-b41d-f089040f1070", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:70c6b06e-4830-5990-945f-f3b91f4515f7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1e1227e0-46e4-5e36-b168-db3fda79492c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:eafdbd14-0b2c-5a08-bfa9-20b62af43537", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3d030bac-3a81-538b-b49e-11c124a4d92c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d406ce9b-78f1-5dd4-8d0e-967b9ffcecbb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:526fc772-a48a-5b34-ab6d-810088fb8083", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:81057aa5-3f17-57d4-ad1f-1bdb3709c9dd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:dc113ffa-41ce-57bd-8654-607c215bb2fe", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fc7131c7-5f4e-5a71-8535-5758c4f63efb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:53d2ffc3-caea-5736-987f-a7fbf6f2f365", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1c15a8ac-4d55-54db-88e2-4089303f5b3b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0923ef5a-2e86-5d36-a6ab-6f39f277bed5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:454f9ff8-7c45-5e9f-b783-f9fa41a0719b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.31.tuxcare" } ] }