{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cc6cc8d3-3b38-5284-8524-3bef531c42d1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.27-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3bc2d9d5-f72c-55b3-8753-7a8ccac30da6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6413ff6-2309-5fff-91a2-809673e72a89", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:814c662f-024a-554d-8828-ab1925407e44", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ce830d9-1905-5787-859d-6704a956d69b", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2300c5a-5c69-5a65-8a73-f1fdce84dacf", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b33f79d7-b1d7-5aa4-9e47-50281657d8ce", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d94cec42-bd40-5508-ad88-d18f6d45e7a5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfd0ab6d-d23d-5eab-866c-744aa8c78f07", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49a7c9d4-425c-51cb-b67b-a713d90a26d2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9729474d-b741-5d11-ba8e-d74383709fff", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ef8e81e-3a92-55d8-9a1b-f9bf948777fc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cff25d9b-176a-5601-9898-8c4bf81eef6c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.27-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6070c991-36a2-5fd5-9300-de5975027726", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3a7354a-7ae8-5fc5-9ddf-d84b3601246a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9bd308fa-5bc5-585f-934c-6061d7fe0e5e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9b4785a-eca3-521f-9fd0-bac0b83395d9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6e350c2-8dff-523c-8afb-46125edd0351", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95484296-dc4c-5783-8742-4bc03c1f2a82", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd2518c3-ad41-5887-bd42-73fd15e6bb19", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e62f0e1c-c0f3-57e7-b3da-40ae0b1b93c6", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edf0c2a8-e406-5821-bea1-2d991d4e7e68", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b431dbe-03c3-5f62-92c4-1bc346b96a6a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81f3161e-52a5-56ca-a3e0-6f47bb6df798", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fc38930-47f2-58db-b5b0-a92a43939111", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:abaabca7-ef30-5c6c-a6a4-b352f6cf4e76", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff985e26-4d2a-5af8-9dc8-3476582800b3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbda41cd-a41d-5c98-9c12-050db6f599e7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb8a234e-b68b-53b0-9b44-548b91e6ad1d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92ab4926-e65c-5903-a991-2eb385d7a702", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:597c9283-25d2-58fc-b196-34d2263ca993", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:288225bd-f049-561b-8e1f-24a024817669", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba03392c-fcd5-5b2f-9ea1-a010b27296e3", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:969a7db2-ba93-59bd-8793-e5b7feb56a53", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:875f8aed-3592-570b-a0da-50421cc6a9d1", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60dec09d-dd63-5687-8846-eba651390309", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa8ee281-cf5f-55aa-95cf-b9917064bd99", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3be67f4-e155-50f7-91ff-3ced47a87995", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.27-tuxcare.2" } ] }