{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:85ce1d20-e5d6-5650-9f87-8de89d909adc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "5.3.7-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6b7d7dac-68ed-548a-a420-04a6e4ea1a44", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c15f4654-cd23-55ab-bc8a-f9a40cc36ae6", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61de68c6-239f-501e-8992-c17416145b09", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb45b81f-0df7-5e00-a78d-653262194109", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c67be3d9-181a-570f-8c26-fcec221471fd", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fdad874-cd4b-5f99-ab6f-4c18b15412b2", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7539ffab-df70-5557-93fe-3a8981adf0f8", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69e71e80-74a7-5b97-86c9-71bc1368b63a", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc4b78ef-e002-5217-94cd-a060ffbb2417", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:823e98f0-e3d8-5bfa-aeb6-d0caed9db995", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b5ca7e0-48e4-553a-b3af-7770a94cb46e", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b74a28b-60b4-5f4c-ac2f-cbecaf8ac802", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2754eb73-e8ae-5dac-a3af-7b71402843c1", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:935f4960-01b4-5c76-86f0-6bfc2c126dea", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01e878e4-fc1e-538c-ad69-f7baee450455", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62a311e0-7b9f-5f7a-98bd-c2ed151ebbf0", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1506632d-adff-5677-a241-03e708df4062", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7dcbe438-3fc9-51dd-ad77-58fc883f3c01", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ccd3a95-8169-56c1-be96-5dd32ae095e2", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:873721fb-dc71-52ca-a959-b9ef785701fb", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db919c22-693e-5e7e-b568-f1fb2a339318", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0feb526d-b3f8-57b5-90bc-2655c2b3d8b7", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-aspects 5.3.7-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0eb7824e-edc6-5787-b7da-8d017d810068", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94b76072-ca85-5c61-9592-ddd72d34d554", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5850280c-73ec-5689-a5c8-5a55afda5d4a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e513ea23-6c00-517c-a2dd-6a7fc2a7f414", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aaf45154-d1b5-5e3d-b40e-fe534eb5b0ad", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf20719f-a295-5ff5-839b-bf11bf74549f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b175812-6c43-51c7-88a4-4bcb1ce526db", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc1c9789-3c33-59ad-860c-8cdf69f8d84e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13a377a6-5345-5ae4-80ab-248cb10b8095", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b5742f3-52aa-5073-81f0-ec492a95cdb4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4ed2962-63be-550d-a3f9-9275e02994d9", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:471034d2-2814-5241-badd-2fd571c40acd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1eee7faf-7c26-5560-9dc3-87a162f1ed7b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a3cdad4-ee76-56a8-961b-00808391b309", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 5.3.7-tuxcare.1 of org.springframework:spring-aspects. not_affected \u2014 The target Spring Framework 5.3.7-tuxcare.2 contains the vulnerable code pattern (removeVersion removes ALL instances of version strings), but has an alternative defense mechanism (PathResourceResolver.isResourceUnderLocation) that prevents the exploitation goal of accessing files outside the intended static resource directory." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db01d764-a6c3-536a-b30c-6570210e8324", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a005e445-fccb-5bad-86bc-8c3a3d98cd13", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e2cf383-8699-5163-bb50-4618b6a5c333", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c937e3c-c324-5a37-b302-b0b2b2e4fad7", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.7-tuxcare.1 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 5.3.7-tuxcare.2) already contains the exact upstream fix commit 07ba95739b that addresses CVE-2026-41847. The vulnerability involved a parameter bug in the Kotlin Router DSL filter functions where handlers would receive the original unmodified request instead of the filter-modified request, bypassing security transformations. The fix was part of the upstr..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db8008cb-751a-5dc8-a187-95b1a64c7f52", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9069db1-235c-59e3-ab13-4ed780ec41f0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5edbed7b-bb05-5c4b-861e-1785dee6ee1d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7d2808d-3781-5a5d-b4ae-108f30dbc011", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19b7c3e2-ff65-5dc9-b3f2-5c285ee22704", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:315a31ce-5e82-5a4d-be6d-8e48bb041a3c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b59329bc-e6d2-5001-b6e9-8b7d4f50fe52", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.7-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@5.3.7-tuxcare.1" } ] }