{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dc44bfc5-0d09-55fe-9160-8edc5995e37d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3f543aa9-6207-5824-8f78-e2fbfac48cb0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:606aaff2-6e66-5144-b7d8-b68c0a234d52", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9742e43d-c79c-538c-b133-39ab1eb23c5f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db48b335-2799-578d-9095-f3f584e31688", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9aaa9fd-a8c0-5440-a8b2-1697cec35731", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be1ebc17-7bd1-591e-b028-49c7a02857e1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:164a5308-76b2-5e8d-8c97-420bbc19d6b3", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e0a30da-8788-55d2-9dc0-cf73e43ce43e", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71ae936a-a328-5239-adcb-bb4972995f1a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8231078-e2a7-53f7-a8d0-63baa223b8a2", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed51c68f-a650-5ade-91d5-7d2c61eb00ea", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c615133-2152-5770-ad94-06b7a90df613", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45a9055f-1a12-5888-9836-bd75f876948f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b52883a-c846-51ff-b143-8d508f64a68c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0cac9ddf-99bd-5dce-b8bd-fbf3f3723092", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e701cf68-1733-5395-a775-431579844aac", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:200f0303-36a2-5689-86b4-511d7813389b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:148cb456-b33a-5ce6-a8a3-92947fb8bdfe", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f14e6826-851d-5302-9ee4-950b578dc012", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9b99f2b-9959-5ca0-8f7a-a8c43295ff51", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b9e608d-b6dc-530f-8f41-dbb4f897eedd", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8cb7e40-0564-5b32-82fe-c152eb7e287b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf58bf1e-630d-5cbf-b30f-84b384f08a79", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a70a15c2-9c2c-57c2-8886-569b49f61a7c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64b182d5-7bac-5bf2-8434-963e97880d1b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5eb838c6-c7e7-505e-b49c-ec2a68cacb54", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bd4fb64-bccb-55cf-8490-fd1df9ebf48e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16a1da3d-db8d-57c8-b7a6-23338d80a896", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec98b055-89b9-5bf2-ba30-66d8e334b2c3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6614d8b2-27a8-57cb-9094-0033ef39f43a", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e73faa9a-7c62-50f7-924f-3a90d9441504", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2a6e8a8-a03b-50e8-9b85-f5f6b95405bc", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78c4b564-398e-53c9-8c84-cec80172a596", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:113d9fc8-419c-559e-8743-9f7c9f75d748", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee574ee5-bd6a-5800-8b67-767007a48cd0", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7026cd2e-e141-51b8-969c-9b2d1db14745", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b06895b2-6610-5764-b868-c9647228dd0b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.27.tuxcare.1" } ] }