{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aa1e945f-d3bd-5679-bb5b-4fc28797836e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:90040e02-416c-5a14-bb0e-3488a05b33c2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:128d9bb2-d206-51d7-8f86-9878a51d670a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9481dfee-6b71-58e2-be27-50ca461118e8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c27748e3-acae-56ba-af12-cd07f53187c9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6760af5-3605-5c4e-a759-8e0faf4d2e32", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a5c45e5-e374-5d37-aaf1-d96239876c86", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9164dbb8-041b-5717-91be-1695370da929", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3a0ddad-2040-5f73-ae5d-7c8c7302203f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2f0ca7c-a5cc-5e17-860c-23245ddd38ae", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:692022dc-9ac8-5236-a3f1-36ff12ee8f5b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c565fe0-78f6-5efa-a450-9dfb0b937efc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cab91e6f-f88a-58de-8e63-0cc54b39e0aa", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4c8a7362-fcf5-5d52-8620-d1246673ad72", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11f7592d-5c34-5f2f-be6b-498aa03a1cb1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5b4da67-7008-5c16-839f-518282668768", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3839da34-bf01-5e54-890c-84ec60230dc5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c1137271-0c9e-559a-a135-c2c6f10e0e1c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c55ac387-3810-5ac0-932a-0da94191c467", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:748d388e-0b65-57ec-9ecd-778525e3a374", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8cb53116-b5ea-5849-bac6-19a5f7622a1e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6451a16a-505d-5143-9a52-e35a52553d8a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:21f33c21-fe39-579c-a220-e9b192c6ef2d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9556ae09-22eb-50f5-99e0-b9db11d0f5af", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7d796fe-ea7d-50f3-92fb-72160e86fe7e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ff9b0d7-508a-52ab-9793-45ae8c6e1485", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:474a856a-25c0-514f-bb5c-93983dff7514", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:742b6a8c-470e-547c-8509-a012c941c6e1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4fe722ac-017c-5d18-8ecc-5882a603399b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aec2e3fa-e04f-5693-a11c-af372542d9eb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7811eb2b-e29f-5602-b1d9-08fc985826d1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35aa30a1-57ad-5ca8-bf59-0a2df19eff1c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b4e3d91-c9b1-560f-bc10-39cddbe90a28", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8d18cb5-419d-515f-bc21-38fc4a70bd35", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:249c818e-6bc3-5de7-ab58-36038c9c9257", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69830e94-1554-5b0c-8458-1b5ae225200a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9513fac-2084-545c-aa7b-46b7dabb3faa", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6dccaf01-b59a-55a6-bd0d-4ca6d28e9907", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.29-tuxcare.4" } ] }