{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4ece8555-068b-59aa-96cb-dc9620076ec3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:41134d84-e2ea-592c-bb98-8c213157634c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22c72c8a-7ed8-59bb-bebe-696960d61d7e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb751c55-d478-52a6-b833-ad2d488ba4a6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49b65cc5-fb57-5ac8-b860-79f6d57926a6", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85ca5b10-d85c-5a4b-b799-3ab7251368fa", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e6557a2-27e5-5726-81eb-c627212803f4", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58d1eff6-e36e-5700-9ae4-c4587ef8112a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3963f4fa-7bb1-5268-825d-7e356060e151", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8ecf6de-8374-53f8-88f3-baa05dacb735", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a709ae61-661c-5482-9f4f-3d0138d19b00", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75b681b4-beba-5edf-9ee2-c65288d7634d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab90ed0f-5902-571a-a43d-667181e51689", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b878a1d-f23f-5a46-8061-a00397fe8173", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4d21ac8-9eb2-5171-885e-74d6b7f68e23", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad48d6eb-832d-51c4-b6e0-003d9a01d87c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d3f867b-5140-525c-810d-bf19c847863e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd9bab1c-f020-5cdd-b562-448a8590f845", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f2e6fc1-e507-5704-a20e-649ceb962439", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dfa7e87-2db2-56c7-8afc-1dd3e6682ef7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55f54d9a-d516-50b1-8b3e-8628f44af888", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bff1026-ddce-571d-b4b3-3eebc31419f9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b706259f-70f9-5deb-a3ef-46b72fa1524f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c5d4d64-a97a-5832-8ae0-416803cc2bb8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44875665-524a-558f-9eb7-529cc30c4b35", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2952722-6b76-5441-a0f6-c0f7e75825f0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c238239-7cd5-55e9-929f-1e2800879e0a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3f4ab07-92f6-5582-9794-fea16a132f01", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2569444c-3547-5eda-8288-af6bc10a5935", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f66d94ca-ff29-5ab9-ac5a-4cad8bc6ff19", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eba38769-8c7d-521b-ac38-78802148f077", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:087b7604-fc18-5135-aa03-c75badd2c788", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f861088b-94be-5a03-9f51-26328f4ad877", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec78151a-a2b5-5c2e-874d-5d67f5693942", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ffdb955-edf0-5b6e-a800-ea218a753c7a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40db7daf-3b91-51ae-b2f4-9666e5cc2466", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23bc31a9-7eb8-527d-8ef5-71a894c68989", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d424d3f-6158-537c-bd5d-d91ed36ffaa3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.29-tuxcare.2" } ] }