{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:50aee9d6-6a75-5ee4-a3c9-219d4a38963a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.39.tuxcare.6", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f9175880-855b-54d5-ab1f-703f842c469c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7bcce986-9cd4-52eb-96c3-88a507188833", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-aspects. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:43836c58-9ec9-5294-a0c1-315236bb1280", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bd035bb1-d7c2-5970-92e2-2875f55d34eb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5d650610-6ff8-59c9-b996-6cebc48c274f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f10efe8b-4ef2-58ff-8f26-c85ce1e6f12b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:60818d7c-0446-5663-9836-30bc64b0ee9a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e9f98a69-857e-5b58-a717-83107d7bbeb0", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.39.tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b5cd9739-4bf5-5bf0-ae8a-e0b2f0b47b80", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d2ee5b86-8839-5b7e-b65b-09f6137f6aab", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b8d4e27b-6646-5cb4-980f-af96523abb0f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:66d60f01-2e7f-5820-be08-34ce94399514", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cd3ef69e-bca7-5d3f-8434-a100dc6bb70e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a9dbac18-d712-57c2-a112-8dc96402df7a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dd71b6b3-d5af-5ba8-8dce-c50bc3f691e4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:43a297a1-0e05-53e2-a15b-ba6abce5b90b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:020885b9-4a37-5bef-85b2-99798570d3c5", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9c5510ba-786b-5afa-9e80-bcd0d3a7e13d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f457777c-4b5e-5729-9391-208426a66caa", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-aspects. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:52a904a1-9861-542a-80fd-5866d5b92dd8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3ff5202e-e495-5a93-88e9-c25b42af0822", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e87b5b5c-ee4d-5288-8ab2-091de22da532", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:20b99efb-5d6a-5b52-b60a-5e88e68131aa", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e0179a73-ed30-586b-8cd7-cdc5cd977470", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2009f563-b09a-513c-addd-63e3fddbd603", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a91a6e88-6d07-5c0b-bb67-66e04d720260", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5946c610-976f-5347-af9c-09ce385718e0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4c714b5a-7c72-5f85-be00-ad86ffae2571", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:aa301143-7203-58e5-8a96-b7796c3d9a0d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:62c1a36c-70ee-5504-aaed-2364198aaccf", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f3d6ec67-4114-512a-95d8-7c35cfe34727", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fdaf274c-838c-5a1c-b47e-710382b4a305", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:965b61f6-bc1f-53b6-843d-1d2b19e5ebd0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.6 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.39.tuxcare.6" } ] }