{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0be9ac8d-b023-57cc-8690-97c82d885d5c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bc640a86-c172-5d22-bd33-8fe8d1e920a6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9025ec7b-181b-53ac-8cac-247c9a3a901b", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3c9b86f-72f1-5bb9-8656-a87f1093cd98", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b85c1bc-21da-50c1-af90-a851ff50680d", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdf2f12f-8b30-52f3-a21f-eed632c4953b", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1eca336c-c60f-5939-9f58-7af39ae1e9ec", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf81f1f9-efb5-5854-aad7-3a00937ebd2d", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b80a0099-edc5-5e69-a10a-8122c17d9014", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ebae513-b6c9-5d10-9dcd-6f88ed8da34f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f73de51d-3577-56fd-83e8-d3e5d633324e", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54d2a58f-798e-56bb-bdfa-530f306b49f7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96b0d077-5d7a-5cd4-afa7-1f8ddd070e79", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:512c5500-554b-5cbf-a200-c4726ba08b81", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93270fd4-f5da-50a0-a664-cd69c9c14d41", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a09f5605-d31b-591a-8e77-b37fc5c534e8", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96e74891-1aad-50c6-9212-dd6fde53b4e9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:721b2574-97fa-5d5e-9c65-daf86c3ddd6c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36f007b8-fae1-5fed-9c64-be458003fe8d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1a60394-3c29-5b58-8fd9-46b5702395ab", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0c15120-47db-568c-9d60-83dd9ed074b7", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f7bf70a-fce9-5c0f-9caa-33ed0568bc49", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e50b4b80-8fab-5847-9b5f-2d7468b078b5", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cdcdb2ea-666d-5ed3-945f-5f7b967afc0a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9ab2405-79cb-559b-a8ef-be52e3cf14f6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c339340-77a5-5309-b1e1-b6127a22aa2f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:697c6b2e-9c99-51b2-96ff-67afe636b102", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6cbba4d-f1b8-52ea-b1f8-705476099f02", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7703a2b-156d-5188-9d85-77a333877a34", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3cabc76-ab0f-5f8a-aa65-5472e7b22393", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1875f612-150b-5630-b730-324ddf4b90e6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f8e0228-a0c5-5248-a750-ef55aaf1ec08", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d8cd1db-82ac-5e4d-8a65-47152a81f5c4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd658215-c628-5d16-b7f6-cb714ba8015d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2131032-72df-5f95-8eb0-c4b37149c685", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a59ff2f-88dd-593b-9b16-5b5861a8e64d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8d7d143-9b23-5852-b562-4dd8b1a12f8a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a30f509-0835-5221-9d01-3c4c3a3a0e37", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.1" } ] }