{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0b7a1088-87b0-5905-bcd9-b7c12b0fc0b2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a297adfb-ff8d-5680-941f-713853555931", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86f95e8f-faf9-56dc-9b64-2cd63f703252", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b017e9fc-3de9-5a1f-a230-b62bf8c26b86", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86562c5e-0e67-543b-bdcd-2f0fe8816e73", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:805fc443-fd53-5adf-8285-fea7fef52b25", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:939e4295-8b3c-547a-90dc-ef1b03be017c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92969479-36c2-5882-99ad-33d0c325e464", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f30039aa-ba0e-59cc-b72f-95f4cbbbd5b0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f29a5578-7127-540f-ba99-62fc80bd86d5", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8545c0de-744a-584e-8e97-408ddb2b535b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fb76773-1d75-5e75-bb19-546566a2dedf", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfcfdb51-6777-5ea4-af62-885270fd067e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c25194f-17ce-5e15-a6a3-4ee332649800", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60cb27cb-2324-53d9-a84f-b26390604c3a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c828296-d449-5b80-aac8-c66ecb00b639", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ffe195b1-9e18-5931-a47a-56cef150daa9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9fbe084-2eb8-5a5a-8cac-90f46d802841", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2fdda4b5-cdf6-5a8b-a4cc-e0e115abeb5d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f25f3e88-0c8d-5362-befc-42d274e642e0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c667ce58-7113-5c9e-9d72-b7eb924146a8", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cf96cf4-9c37-58bb-93ff-cca08721d97b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c7a5664-dc79-5c7d-99b3-400907dd3bc1", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e26072b4-0151-59ee-9235-d9b8deee362a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b1bed0e-09dd-5cdb-845e-439779582609", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30315dd0-e6f4-5be7-b74d-8abf03dcecc0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e405a6ca-b905-5554-a668-14d10682c901", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1afa3bfd-70c0-5adb-afe8-c0e9467ef6ed", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:514ef9ca-0083-5fa6-b16c-becad8d87d30", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5f33d6f-3b9c-5633-95fd-2a2644e49426", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a26fefc-3878-5e91-85ac-5c9543cf4b24", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:316916ee-4a67-5997-9cb1-615066c2df80", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37d4386f-5e9f-57a7-ad94-ab60805441a7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd2cb593-eee8-5318-b4e0-829c5959b96d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e311426f-c8ed-5bb4-8315-6844102a49e1", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78da07a9-81d4-56fa-9996-62f0adb56d10", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c9cd773-93fc-5917-be8a-bbc96ad2e806", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c952f858-0639-598d-9d22-f85a2eb2918a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.1" } ] }