{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6ea4db38-45aa-5def-adbd-e143b38c7248", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.39.tuxcare.4", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b3b1841a-b525-5ac1-ac89-10aa0ee329a7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a2fccb3-af05-5774-b6a9-ba58061aff62", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.4 of org.springframework:spring-aspects. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:818ead35-e372-5acd-b57e-c2ca373e5f07", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b81a8a7-5e3d-5315-a6c1-43760eed1f84", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57c09359-d8b5-591d-8448-a86d0dc62cb6", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59e16794-c77a-5382-9fa9-17f04c28aa9e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7a294f1-353f-520d-a44b-d8d5ea61299c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9e988be-3759-582d-9ce3-e9f004a1944d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.39.tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:054a38b5-0252-5d95-abbe-cf2c0b441ae8", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a6839735-226e-54e9-8db0-d843513a00eb", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea2d3f5d-89e8-57ea-b187-f68c6a31031a", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9ca5797-ff32-5741-b71e-48ec55203c0a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f8607ab-277d-55b7-a0e2-da612e145d00", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec74554f-ceac-5ed3-88b2-7e1ae7a291a0", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e86c9be-a81a-5fcf-93dc-2a3ebc525825", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:70a6e00a-b450-5946-bfca-e3aaceb801c6", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5d6cae4-bbb4-5b81-abc9-3c40494cea37", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e5da631-f035-552f-bcf8-2a0d5ec3e001", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3b26176-1734-5446-996b-257d243cdeb7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.4 of org.springframework:spring-aspects. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d2b25b21-0985-5965-b7ec-2bd15e8209bd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c1df4577-a0a0-5c3e-a8cf-0a4f2d1bc1d8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb936c50-3074-5223-9560-2ded2ff7a9c0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9ff42dde-ee42-532e-adf2-e330a67299ca", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:974a2d54-e024-588b-8a20-48c4a6673e3a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50bfd6bb-a31a-5a8d-8ac1-60c1fce985e2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8ae18e3-74f3-59e6-bc67-cdbda8fbe4c4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3cb559a1-cdb6-5e48-b28b-314d30461cab", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe68a509-2e6d-5adf-b97f-7e55f3ceeb92", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3885dd0-6334-584f-b012-8c5ed50e9abe", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9e13a88-d494-5def-a0c1-0ca602ae8815", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e02f42f-fc16-5570-92d1-a239a3927b82", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee1dfe44-2c3d-5cb9-be06-ddf7ea15d5cb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c68180c-f307-552e-a1d3-e7b8301236ad", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.4 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.4" } ] }