{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:776f56f9-7328-5598-b22b-02745b41d7fc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dfd21be2-d10d-5ca6-817e-0ae95df8f6bb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:495e7cd9-b25c-55f7-a558-258d58357677", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26839963-8f52-5654-9869-10e153f7623d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25b8a389-482b-5100-abbc-993c544e6522", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d77aae4-f982-5764-843a-37ef56280638", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:223f67e3-f5a2-5e37-a9ac-b2d2c4fd2068", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4629db48-8043-5d75-b55b-8464dfaf0a6f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f3d4de1-2c89-5425-8692-bd2934ecdef0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1288f9a2-177a-5980-8e9f-e5b6a605720e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb1d9046-cd07-5117-a6bd-9bd13c88bf1a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5eafb166-223c-56c5-ac9f-008450d1acc9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd4165e8-3ba5-5404-9fc3-e30298723534", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b04be390-6e83-5bb7-863b-65ff7dbf0154", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e59bb84b-eb85-58d5-bcec-801158c16e1d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7aa55fd7-2fb7-5273-abc7-735fc3414a87", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b8ee06eb-c240-5260-a10a-e8985f7387ce", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3f69313-91f4-516f-bcb4-1d0297ace6a2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e9d8eca-02a3-5587-ba7a-98d15d46f70e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06c70a99-20c8-539b-8af2-b44799703a5a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d019ea9d-cc0b-59b2-b6a0-39e8a56b7dcb", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:504ee9fa-da27-5c93-b5fd-c69f65b2daac", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a99d8896-134c-597b-9b4b-4c594149bb33", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:353f1aa8-05d8-5129-8f13-840403b3abdc", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8136d34-6823-5c36-b78b-914f32fb08ed", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b09ddfa-a9ff-543d-a252-6c8ad916838f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:920e5103-0779-55b9-b7ff-532d188f01bb", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bef615b6-d35e-5997-94af-3cc68850525f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5fdcc716-e077-55d9-a34c-f1ab91b38b50", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1407edf4-2627-5cf0-95fb-0e8da22e3777", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:727100a9-33f2-5a47-9f79-3ca2cc45e7fb", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d4449d3-8937-5260-8b0b-1a0e48ef7882", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c41ba4c-9140-5ea7-8936-9cc3d69fdd97", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:95ae353c-e87e-5203-a05a-95f5d0540a70", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd7098bc-922d-5b16-8123-a0b4ad593d25", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43e19925-c9eb-5ab7-ace2-c3c239e9b4d3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fa8cd9e-a57d-5782-8567-8c00a004c493", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:507207d4-4a3b-5bfa-8489-c557088e4fde", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.29-tuxcare.4" } ] }