{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ffa33ecf-2395-5ff2-a6ee-efae41a8def7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6454ab27-1501-505c-b9cb-c57f127ddda2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:906ad44d-a667-58e2-8076-217e806370fb", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8de95942-9538-55f5-a3ee-831cd9446275", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4018f636-7983-560d-8418-da38ef3e137f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:598a389c-6a98-5711-8ea5-584d5a8f4422", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb0034fa-3f2c-51c4-9e49-873c61e64426", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e81509d-80fc-51b3-afb9-d2411af066d5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9efc8717-862c-5dd8-8582-0a6f9bb4a823", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:67e13bfc-4736-562c-b7a4-000303fb06ba", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f8b1cb00-8e86-5562-b532-fda20d7f343e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d3a338ee-3f95-5885-9521-7b27b1867c50", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:451ac952-6d3a-502a-a405-f6e5369efbd5", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5e7239c1-af6d-51e0-9b85-97dd10dd7ecc", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d75ed683-9129-599d-b640-0c84022cd0c9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ac2115d4-db1d-5144-bd2d-43fbee15c58d", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8c276773-1fe2-5dad-ad58-f482896a774d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:69db5dae-3c26-51bd-b89a-c5e08ea531fb", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:99037f4a-b590-5ab1-a19e-96a2bd6eff3c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:99cf1817-55f2-59b3-9aed-61de70cfbddc", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b6f86ef0-38e9-5c91-824b-591aadd0040a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8e57b42f-098e-5ae1-a0aa-3af81bb7963b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2d0c8759-39aa-514f-9556-a2f9219901d9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eeff3b00-99e7-5fbe-976a-adb7755c950a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ac5cbc5d-682f-5dad-8daf-a6248bbcb47d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:631d8be3-12c4-5e22-949c-fadc066fbf98", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:95ac74ed-2ec7-5c5e-be29-a1bd086db9e0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:17a3f5df-b491-57e1-b8fa-9e2fe026f507", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:49432588-63e1-5785-b681-a3c02527c872", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7cf3b92d-e26e-5339-8206-3597647428b7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4bafa86f-6d76-511a-a7f5-0e85e36c7746", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a6cf51d0-4ac2-557a-ac95-da95b1ad859b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:237d6a12-32c0-56d3-bbff-8817f0906396", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:741e3d04-3fe3-58d1-8373-fe8bc810f6eb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:689fa400-96a1-5bab-b978-39ef713a5784", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1f5ea905-b595-5e44-af0a-42f20d837e33", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d5e7009e-8d60-5cb8-890a-94ac4355fc41", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8efb2382-ed2e-5dc0-b3fb-59c730275181", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27-tuxcare.5" } ] }