{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8bc262e2-0a4b-551e-a9e8-d44052d8e720", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:50d2ffed-cdaa-5fc6-b219-3736b2dd5192", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b0840d1-320a-5bcf-8430-2dd6acdd549d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f470aad-79f2-519a-af10-a8b76769afcf", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0da0091-df4a-5528-9d43-213ad8ed569b", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ecf1f78d-242b-57fc-b43e-14f7cde1b052", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bda357db-c077-5461-ae65-4a84dc2025c6", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7816c805-e330-56a8-9de4-a039a2691ff8", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:405aa489-79ae-5412-9aff-840dc5b1f0c9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d69c3fce-e23a-53be-bbf1-1e5c4022a729", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f3152f5-07de-5707-9ca6-89d66d8ff536", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7bc2835b-1418-53a1-bfa8-1b5a77085461", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:978f28ae-fd0a-5313-b28e-65f8406a2a42", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a9a2be6-24b9-55d7-991f-fad37c7695ca", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a677602-8bb0-54b0-86f2-c79ec29a87a7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4428a130-1bde-5de6-9f0b-9fe63f7480ef", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d44914b-011f-577c-a286-e1b922ed34c3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31d55d1c-6f4d-5e8c-806d-90b37a57625a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c045b0d5-4b19-5305-8c26-1ba0c1c63c9d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8334458a-79da-51d4-bf69-c0d221a801b1", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57fe3f52-0343-512f-99c6-edb198e06d69", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8fd4996a-7663-5daa-8bf7-5fd5073b6f72", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7799c45e-1249-5ae6-a49e-e692913ce8ec", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f78baf8e-bc2f-59fc-b567-342c39ea63d0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1dbe6f3-5280-5f90-adc5-c8946444abd2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25a9a98d-1554-5c02-8951-b1ab602b470d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76d02b3b-0a4a-5276-9172-b08595d42194", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53554de7-04b7-5b26-a979-f613dbc7f364", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2fe11a6-c1fb-59da-a301-5982b5ff6372", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a9017d0-6f2a-55f0-94e4-3cfe65bd2628", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fe67cce-2c84-5c3e-907e-3abca82e00a5", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efaa4a00-5181-569b-9104-4e0ad47210fa", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa2622cc-0798-5ddf-b674-196653d43548", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2642c45-18e9-5146-8c50-990e1b092de0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0dee9ec1-acfc-5a54-864d-5a6efba5fa58", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:480f273d-25b8-545d-bdf5-d7f44d9a6c54", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4503ec25-159f-59ef-b659-f31f8b4b7183", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0695f072-0ee4-5f49-bb57-90f069114454", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31-tuxcare.2" } ] }