{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bac26944-1385-5bcc-8e00-a00597a657c6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:48dae9f6-3c18-57e0-a324-9a79c9f6213d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e69c467c-b847-5422-a0e5-7864437bb369", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fbe13bdc-2e1e-5d4d-945a-757cdb054387", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:37672a73-2db3-5b20-9ecb-225d8aec7059", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e25b13f8-27ae-55c8-b3c2-6871412c4d70", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:db1c8c15-f6c4-5639-8ca4-4998d4f25755", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a3aa7e9f-fd90-5129-9f24-de0f27fea639", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5d7f48d7-7cec-5ca1-b9c5-c36c0d3d2c66", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f1ef1588-b31a-5271-85d7-c8e132d7e61c", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ac382cc8-99ee-59d2-ae31-705e02bd25a8", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:31ec11a8-2bc0-5832-9f11-70f946db3325", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:87265197-c6e4-5416-8ad6-91c2f6d25aef", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b020f5b3-6c21-5ee0-8649-fad78d1b0eae", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4dcba8a9-ff05-54aa-a51d-4974c608c8e8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4f8d5286-905e-51df-8df5-cfd182265802", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5c32be8b-022a-50b6-9c2c-c7058b74a387", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fd8f2e57-3067-54c4-9dff-c8e55f3e1dc4", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2bbd9ce5-10d5-58af-8e77-665c026b92f4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9fe4c016-9aa5-5975-9bc5-d45329ea5157", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:df7da72e-ade6-572a-9efb-67db3ae50631", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:358feb66-1f26-5867-85c5-04e8fff8beeb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bbe0de38-6674-5511-bb2d-64242fafd455", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e4fbd3aa-d5af-58c4-ab5a-e812d01cd187", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a60ce20c-b139-566c-a43b-b90efc134496", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4fe0b4c9-fb91-5cf3-a876-06915c54a39a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:79fa9221-18dc-53ea-bb58-6e2068cc3210", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f3a29a75-2ac9-5893-ae5d-98f62feff455", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6b3ef113-02b2-593e-b0bd-8ccf4632052d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b04ebf09-32e5-51d2-93be-8449b13e8725", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:421eb406-09b4-5f02-acac-3b43fa07fae8", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:29d6975f-b44d-5a85-9e03-8a8bc546b2e8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:68429c19-207e-5f22-8521-ce868a03d886", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:beebfee9-eb27-5c5e-94c3-0a64d1ac310f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c25c9be5-339b-5a29-a81c-4545b25f44d7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3b2a7ffe-7edc-5d9c-b8c0-368743430d4c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6c93e70e-a7c9-5a1e-a902-9d57b4524b6b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4c81c314-c9a7-5112-8589-6815a479317d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.31.tuxcare" } ] }