{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f1a1755e-3101-590d-a1b5-e838ae9834b8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ac32285e-7240-5b32-a97c-19ccc61a7242", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16e832bb-7ce8-5739-b91e-44ce032a8efa", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a810a97-0bd7-5e6e-9e93-acfa22eaac93", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55bdc91a-20e4-58fc-b97d-70bab90f8c9f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae6f1df7-86bc-520f-a9ef-8261b509b370", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:654c0a3f-1141-5243-af25-233b43eca79c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8adcfb83-0910-5105-8479-e7158faec479", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:668dbf67-b046-5034-a0e6-dbac70fc00f0", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:256fc12a-7a5f-5900-9900-8f70e00e572d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fa3740f-6524-577e-8f2c-a3fdea12f33a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de448cc1-e269-5144-8506-b7941b54cb8a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c4ab99d-1a82-57f4-99d6-c042c1fbc028", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c369793-a2f7-52b8-bd64-5c6597049d62", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d945149a-9231-5164-ae63-bb021e354c0b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75a0e788-5449-53ee-9efe-27de09a993fd", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1039ca7-903e-58f9-9375-16ad089e7834", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81ea9022-d314-5071-9bc5-92f56c498fa2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff3ab13f-b6fb-5be0-ad45-5401bb57af38", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15522f33-cc0d-515b-bb80-18fa1a072deb", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4e09c37-a68e-5083-bc4e-4bf0f96bd9dd", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77ffefe6-f54a-517e-9eaf-3cb5d4fa7966", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99e2d1d0-26b4-5a68-800a-79df8604de09", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50d2ac3f-b785-5528-9d70-0ebda0a980b3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:304d8444-4f83-5521-96ce-1153989bf4c0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a63dad41-d09f-57b1-9f09-9ed65430518c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f35f674-a823-5959-997e-3d60457c536a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e13b6ddf-361d-5819-8d08-d3eb24adfbde", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12e45dce-06dd-54fa-bba4-c154fd7f0ec3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f218a12e-46fc-596e-9270-fe4f8004c0ce", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8155882-1cea-5e37-902f-093a9d1eec89", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78cffb4d-7148-5685-b656-8c9ab58e8c0e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a444ffff-a52e-5144-8d15-0d73f673ac4b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b36d26b-5c80-5b3b-ba68-72723edf0d05", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b092f17b-3355-50cd-843b-78b66554bfc1", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f594793-76d5-56b1-9e5f-1eb308b01341", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d7c885c-3395-56bb-b4b5-f10e9090d3a6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6eb62204-9622-57a7-bc8a-6a4cc20d2f04", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.2" } ] }