{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f9734d48-f971-58ac-a229-ac39fa6b9075", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8304beec-e609-57f3-9905-355faca3c42a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1135c4f3-c375-5301-ad3d-3547da54400d", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf5b5162-b597-5ec5-88db-5647c33afe60", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:810e7afe-9b64-5c29-95fb-400d0192f14b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73fe4f0a-56ce-58a9-808f-1d63d99ada9d", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3ea4abf-df88-5400-9f52-2756b0785679", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5eb7eaf-af85-5891-b785-794962366c49", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6c78c13-efc7-56de-ab01-4d47f2e22da6", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b034d225-b85a-5263-9b3c-e7688974453c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66495105-9928-52a8-867d-7b98d4b4dce5", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45eff8c2-b336-52d2-9d36-45bc8115ab52", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6d8bf30-7314-58b7-bc13-6197f88240e5", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6257f766-f9af-5fe6-85c9-148ca6f1c0ad", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5724e7c4-e31e-58cb-a3b7-e9554b6cc0c2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74a58667-c109-58d7-ae08-d87cdf4a51dd", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0c10894-5555-5218-afd6-31ab5dec4f51", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b32edc4-e243-54d0-b215-5094bfa7a853", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a93cec6-b052-5b89-8d12-f2947887ea5b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a1fdd78-8a33-5846-9993-dee2d37321f9", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:107c90d0-f704-57be-b277-038f648ca842", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70327aa7-58f5-5129-a37e-03d116d674a7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9aa1d8aa-ec00-5a24-b878-1240c79cc3e1", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cf15f24-04de-57d3-8432-0b922cf7c609", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1bed41e1-08c6-50a5-9586-56a53e9c1a9a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b11c05a7-6b66-5a3c-b3f4-d63a29774a56", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61621051-57cb-58d9-a5d6-12510ffc81a2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:429714cc-ac53-5397-b645-924f71cda138", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb3c2c4e-a8d8-517b-8860-5c7acd1ab74d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cee67e39-b4e5-562b-934d-a2575adcc077", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30bdbabc-082e-5b05-b390-90d3550ef350", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19f4635b-cead-524c-8ab5-4a0efa46a949", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84d7b5e8-dc6f-53a7-961a-45b9607f617c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b16bde5a-c17e-5393-9ffc-dbb4d42a7524", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8c4e497-0d00-5ae7-ab10-cb52a7c375f9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c890c842-13eb-56c7-aeed-5d45c7414bc7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1488251-286d-522c-98a6-32bb264192a6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c018f22-4f41-5a7e-92f5-301e5901eb79", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.1" } ] }