{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:22992da2-2a14-5bab-a679-073297d261e7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:97e5332e-be6d-5144-b14a-e377f90f41fa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a94f7095-0ecc-571f-8ba6-afc28620a585", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55c1a122-a0cc-5b6f-9c76-2f1780baba39", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed6197cf-8a03-5eb8-8fb4-03cd4be120e9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:928a0cd3-aea8-5632-bf4b-dd09d50a95af", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70afb103-be9b-5e55-bd29-db184c1d783f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4caa327-de1b-5483-9186-1846b4e8af0e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abc18589-b918-5028-af8d-d16dbc42b17b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d74d41d8-4087-550a-8e6e-c6d8177b3060", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc62f2cf-55df-5f23-816b-4e2aee69918e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82840d9d-ccb4-5c37-8824-8ae86d566b87", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98373e4d-8178-5940-af0b-5c7d667b7eae", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17c78dc2-195f-57fe-a26e-6fad2b139c80", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12331d98-d401-530b-9b2b-fdb553c05897", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a26cc8ff-558c-5c70-a0b0-da28809e7f41", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:844ba7a3-9b2f-5cd1-9f76-f04afdab013c", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f775ffd-3468-5a93-90e5-debe2599f5bc", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b09de181-1035-53de-9a00-99236800f2ee", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f9d809b-68fb-57b4-a5ff-f1f67a22be1f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f61734e7-2d60-5fbf-af59-19f8dc766a7b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eccd4cfd-a523-5052-b50d-0727cdce7aa6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e06d19b0-15fc-53b3-a3c0-bed71fcaaace", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fbefbf84-ea14-5857-aaf9-f508b5e85368", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e9bca35-5f7d-5868-82cd-28889b4f18fa", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29f4e2fe-c811-5c88-a030-ebcacc8f23dc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4e632f9-4016-51de-bd14-385d594f3e80", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5bc9167-8f78-5778-91b0-7a42f39e2b93", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae08450f-e041-5bf8-86c2-eb2e9fc6178b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f0b4ae8-8fab-58c6-8a90-c5faeb9e4b07", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7847c26-be81-52fa-8def-86c167a7daad", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a93b23a5-c481-5eb4-b501-387c5ac94317", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:097fc13c-13b7-5cac-8646-546c837ac9a0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f715a891-63e7-5ba6-bb90-1831200946af", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80860d6f-e544-5ee4-96f4-a69eea787e2e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dff029be-bc25-588e-bfbf-09c11b80d53b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33cd8d48-9fe8-522a-a864-9195fa59f046", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1fcfb46-4dcb-5495-9866-b8e113dd67c7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.3" } ] }