{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cc1bd63a-b0e6-599d-a251-80ea480fd215", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "5.3.39.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:539e203e-ce5d-556e-ada9-de0336ebc179", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a609fba-56b6-5984-ad30-fda13a0c190e", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-aop. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57b6ef33-e5b8-5b7c-84f4-8e64fcec3c57", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e00cb42-b36b-5b23-a84a-ed0f5577be7e", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6254ca8-df80-5d85-98e2-59713f5c8ff3", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96b60eab-ff5f-54fe-803c-4136bdacf72e", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bac372f-b754-5917-b4de-76e216e27c02", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7aa4ffc0-e19f-5204-95e2-cd59ce2ed4dc", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aop 5.3.39.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78b814c3-09ac-539d-b70d-1bc12cd0c590", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0ffa34e-80f6-5c81-876b-b1b6668c3055", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf39059c-1e81-574c-b184-83825cc18821", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fec6cac4-b276-59f8-bfac-15aba010f195", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24546a8b-dc11-56cc-b2d6-664565fa8ef9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20dd7810-da78-5f26-9fe0-ff8c18682bfa", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a4e12c3-bf0e-5d0f-a64e-4c65385c4e07", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ca719a4-76ea-574a-9c79-b0caedfd0a6b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38327c31-e038-5aca-b840-9187cbb244ca", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4fdd1af3-86f3-544d-9f2e-afcd3a7fddfd", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49799dbb-174b-5f3c-a573-14e172f4ca83", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-aop. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf907da9-194f-5b16-b58a-6039b2217a33", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fb66c8c-7132-5c52-a7f9-2ac6d5cac2cb", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9a90ae3-5654-5d89-8b7d-5bfcacab669a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:556b0f0f-13fa-5c8a-bb5e-4fe6bf56d50a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db6ab0b9-0d47-5cce-8659-703e227e55f8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a7319c3-1396-587c-a9c9-91fe77d3c771", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93b18582-e81b-5906-ae46-be1996944707", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3968a43-2cb8-53c5-b4f5-f50545f1e67b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f463a9ad-30da-5fc8-856a-e3028a4da2e9", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a11e89e-934f-527e-b96b-8efeecbb5941", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65cd72c8-d5cd-53d1-b358-ad5613a3eeef", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1421e798-718a-50de-a633-df816192da80", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:133691d9-a714-519f-b655-982e52ccd0d1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5983401-3116-54c1-a259-0ad589d107e1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@5.3.39.tuxcare.1" } ] }