{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:49391d65-92e4-5084-af55-a88784b08664", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.39.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a419efc1-f561-5fd9-bf2f-d3dad5add991", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b38b93ee-d78f-5db5-aeb0-fd1ced87d996", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-aspects. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dccd4e2a-d831-5aaa-b1a2-f5e930ba01e2", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6c1dea5-2d9d-546e-b1e9-34dc5e4fc122", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed88702f-2bfc-5005-aec1-041ba2f22047", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:174e4c68-af89-5695-8588-2e1c0ab830c8", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a39054d-8f56-53f7-85f4-2f1b7d54af1d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e39f917-dc43-565c-b0f0-2abaf681c3fe", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.39.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ae31593-b4c9-549e-8e11-4bf8cb4b8922", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6386c316-8d15-579f-9df3-58d1620d9186", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed0b0c06-3a7f-55f0-a0bd-36c478fdbe71", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf987a20-792f-5563-8562-ed31f0b2f97a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:491fcf0d-7afa-5a09-b17f-9a382964e604", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2fc479e9-8967-5483-adec-f3365d6c0595", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3db4f2e5-cd5d-5c9f-8f7c-0261f48eed96", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99c7a3fa-3d9f-5f59-b5e9-5b6fdcc7eaa0", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1772d898-60a2-5fab-ab6e-ef21c43a3812", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20f53264-a1c6-5810-bb70-4bb182fe22e0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4da8c20e-d10b-545e-b12f-449cf5841fc0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-aspects. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7379a656-1e3c-5c64-9246-e69517da5c78", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:967454ec-bdab-5ced-908e-3403c4a573ae", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49ad5416-1062-58e5-b08d-7f3c90a11c74", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad1c9c14-d538-5bfb-ba85-1e76debe9c2f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c70863b3-ca6c-55cc-bbfe-ea5a410fb6c9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc32cc76-111c-5836-8578-6ba19998f36d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83908dfd-09bc-58de-8cea-09ea5384fa93", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58994df3-f5d7-5700-a1d9-25872459d8ba", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b5c00f1-de60-51dc-a9d9-3fe965a52672", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94e9492f-54ac-5518-9b23-39b9a1c5a83f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92fc7539-3fb8-56b1-8874-e3d687dae10f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c092f23d-3fc6-50d4-9786-6814e631c033", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:619997b8-1dda-5a59-af31-17fac7126bea", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcb97651-4693-57bf-b50c-88b39e32c7b8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.1" } ] }