{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ed4e7149-7178-5b04-81ac-4d722b01f8ca", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.27-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d83e168a-872f-5779-bbea-a53e4a005f6d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97cbb97e-e028-58aa-b3a3-c7dfa283d63e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd37ca94-9b06-59a7-bb9e-ef2fc5328faf", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95d2853b-8adb-50ed-a23e-ca8c9658a1f6", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:704d575a-70ce-595b-a1f3-d34e88af5c83", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:feed18cb-9ba3-588f-b048-289ccb3b597d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8390e57-7c88-5175-8c55-d96ed8904b16", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f717694-7bf3-5a7d-9b12-700e6a5fbfd9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a27eb17f-02d5-5e14-a6b4-9aee3c352395", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0344ba43-ea26-527f-b2e8-0fd4e6a123c0", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9fdd203a-1ff7-5462-bcc6-8ed03a81525c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89e72434-373b-5aa2-a8ec-e2ea21c47d0f", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.27-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f1b2817-c4f5-5993-b992-4bf6eef71c6e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00cf086c-ff5f-54bb-8e89-531e4ec0f6ca", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7b08518-af9a-5e53-897c-8496412c08bd", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11819314-5ed3-568f-ae8f-a0c5c9f653aa", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14cf43cf-5ffd-5375-ad63-bfc240c6804e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da18d89f-e3b8-5ad2-bcf8-6ae700907e3c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a768d20-1a4d-5b4a-8b4d-98b430f9ce3b", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f601b3c3-cab9-5d0e-86e8-98f99fdafbbb", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06e3f8b7-b6af-5df0-94f4-9c9f2717a470", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39235baf-1dd8-520e-8b87-431f6a74c282", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3aa3d7b-daa7-56e7-b475-31105d6a1269", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4b3b174-395e-5df6-a8ca-d7d0e5e6470b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c330cc8-980e-5e76-9f50-e15159ebb2f8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6a86095-faaf-5c4b-957c-7670638c4751", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c22a0dd0-bb47-5e68-a49b-88fd2639a667", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:235b8fb4-44f4-5924-b480-d494b61f07ec", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59fdb4d9-e282-5017-aa46-3d06d8391deb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9687edb-45ee-5d84-8447-6cf4e659a515", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e82c847-44b4-5ced-9c8c-67dacf18b7b7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19764a0b-2402-56f3-bad3-1fc32108e385", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b28f35da-de49-58fd-9ad6-5bacf4d92067", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6556fd27-af9d-5aa2-909a-9f003ca5e08c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4ce61a3-0a39-55df-bb91-c30bf168aa4f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06d4ab79-12c8-51af-befd-bef2819cc2e4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba506dff-7fe3-5933-87c1-bf91b1efcdb9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.2" } ] }