{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:73fd4e55-76a2-5164-83a8-70a2f42a49f1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e3218489-c295-5606-8989-8e1d693737e8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9522f666-1222-565f-ab6b-19e7296201ba", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb3ef687-6770-5387-8125-5313680cb8ce", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:135ac106-e993-541c-8f30-d0a267128efe", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dee9b40b-870f-54b5-b001-8feb59f8e8af", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44fa1d7a-4f5f-5ffa-84fb-dd7e8fee08e7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ba1b38b-e07b-5be3-a059-65d6c700f6d7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b081e3b1-19ef-5f76-b64c-f1bd7d9e5118", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc7c76c2-336d-57dd-9857-6a933125d320", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d04e8369-4812-5949-b625-f9d80cfc4f0f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a408ef4e-0ff2-59b1-a614-71a5abd971d6", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d465d02-3a67-58c1-8310-0f271423bb73", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c61b69a-f973-52f4-b878-45538f076522", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a08c4ec8-644f-5793-a099-4604380ad334", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d394cea7-039e-5010-8f81-ac4516772742", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4777a2af-000d-5478-b210-c02143128387", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac3b0b21-cad7-5e72-bbf7-08edb28f39fa", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50f2ae1f-2d61-53cd-acf4-918dac6dec0e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8127b960-6614-5169-8c5f-0acf47159245", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a752739e-f700-58e5-824f-2fcf4a65f266", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c716aac-10ef-5343-94f5-c7034550a54b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47ea70bd-3440-53cc-a013-7f8fc9ecdfb7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a889bb5-8eda-5660-8d17-e7677c3d4884", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:895c7d5c-89ae-5777-b7be-bdb6c8cf27cb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:778f90cb-9a9b-5f47-9f62-08a93d4868e3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:141e6d90-6424-5e29-8627-6b75a708f9f9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c1d45a52-b7e2-5ddc-bf8f-a2237f45be5b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe6c5450-7349-5075-a47f-ecd632df0bb7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc481168-ad19-5203-8c28-ccd0ea02a2be", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ee2a356-b3f9-5e39-8471-6b53724675a2", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1dc5f206-2b38-5e73-a757-4cda6289eadb", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:559fac7f-bc43-5cbb-a6d3-3325e47191e5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b94b8d59-d8ae-506f-a6ef-4dbef691262b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:900963e4-1e52-5e40-b57a-3d154fef9884", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c5de527-0e1a-5431-beb0-d9be46f3885d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:940cde25-9e3c-592e-aca5-8b152c03c81f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:937a2b7d-4e82-5f49-8f1c-e8bf5093eaec", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.4" } ] }