{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a2be999d-422f-5f44-b3ac-c20bbd74755d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:26a74476-c43a-5e49-86ee-985d45d28501", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d3c5fb3-b470-5ff3-bb30-008ac9feb11d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afe68a03-64c6-5f86-82f3-fac4a1a696c7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:05adb5a3-96d4-508f-996e-227267c78f53", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b8922a4-8c39-5cfc-afb1-e7a3cfe01b1f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bfb5e191-6d12-569c-9d35-f3487bf54a7c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bdafd719-5fca-57a0-9349-03902ecf4b44", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2758b2d-a5cd-5ae2-94f7-05e5a2089f39", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de9a259a-a98f-5144-aa2b-46cb6a3411cb", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5d85ebf5-5a87-5c52-bc89-21534cb9f4de", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15005054-ce2a-5a67-9986-42f24eccdb28", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:941d0129-e73f-5e53-8724-f5801300626c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eeb9e3d2-0d2e-5f37-87ad-bc4b7079ec65", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c40035d-cee6-5d64-add2-ff53290afbc1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:14f29c2b-5668-5ee0-a158-22a2edc07306", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9d19559-b8c9-5b93-b8bf-7cc0300cca7d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65d8dc7c-1781-5c9f-9d36-e962d71653c5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8332ec1c-8b13-5479-98ef-558a3da42fff", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c066345-3aee-5fdb-8d4a-dbd8728db04a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30d92fa4-e45b-5f6b-9ec0-d7511ce84c95", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:049a0b1b-d8af-5a99-adce-de64df480b96", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f62cc01-f90a-576c-b436-8ed9632393e4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0f9d6b6-c9b0-5a05-b98f-782e43ac476c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f8c6964-5f3f-5281-936b-04b001415863", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68a1795e-a545-5be4-9307-53acc0130aa0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:674c2d66-4c64-5448-a800-8afd66a9d833", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53fdf0a8-a7da-5ef5-bd4a-b7a6f07e9c21", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2ce7fac-48ec-5ff6-bd31-54fabcbe76c4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a37601f-e78e-5994-b350-9e00ad44af44", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11ecdd70-8dc5-5aab-ac26-435397138a33", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4cb29ec-f7da-5bc2-a417-0952375364f9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7bc07da-294e-5f9b-a524-3cc6d7485c3a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:305cab02-1f9c-575c-a254-0032778f22e6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f8d47189-43df-50fe-b4f6-a6735b7ed1e7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a29f1887-bb9e-538d-ad95-3ac666faf4ab", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb55f0b0-74f8-5bda-a222-c2e487fbc2cd", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f92f17e-5f7b-5a61-8804-c217f5ca0b97", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.29-tuxcare.4" } ] }