{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3f4be664-4ccb-5dd5-8ad1-46105726af28", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a664405a-1dbc-5933-a3d1-1432f9694955", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b3a5c35-18d1-51d4-bf45-ad38bc88f914", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8995b86f-a2d9-540c-ba3b-d4db1bdf9ca2", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1b137b3-c071-56bc-bfa3-a504990840df", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c51000bd-e9a2-5440-bc47-9b0ffbc9e9ca", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2981f6c6-c39c-5cbd-abef-065310e5a224", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d15ef41-ba49-5a55-8933-71e417e10569", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0b0259e-04d4-5a08-a11b-0b3ce7dfb252", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b49e6249-d63b-56b6-ad0a-31ac9d593dfe", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77b30453-c5a4-5a1e-a9f3-5c186c888fb9", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b17c76e9-2922-5b9a-aad7-49f06fe0d9be", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1a9ccb8-76cb-5866-bec1-8dfe92156b13", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6edbcb6e-5bd5-592e-b754-92b4c349176b", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edd5ab36-0976-546a-b912-5bb5be1f15f1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ac615d8-106c-5978-b8dd-8a4798d6638a", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fcfa4e8-0cd5-5743-93ce-77e20949a8c6", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4053b7be-7fc8-54aa-8516-b5bcd208d9c9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e5ed7be-a70c-5a04-bd06-e311bdd37601", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9e597a6-927a-5aa9-80dd-c846ff87a3c2", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77f050be-2248-5d0b-9817-f9b9c9aee410", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9be5e586-4676-5a2c-9de7-03e3a788af33", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e09ced58-9f4a-5259-964d-b2557e125fa4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:976a59d1-579a-514a-9fe0-a7bbc1118cf4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cfb9920-130e-5d8e-9b59-a6dd8f752199", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ac3bf6f-1222-55c7-a8aa-de89121be463", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc7bb44e-a2f1-51fa-8de4-0d958aecebd2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f62160c6-8216-5834-9e9e-bf8ff7fdad7d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f97af6ea-f324-518a-885c-e9c3e1c4f72a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8331821c-5f78-51ad-af8b-24e8e0314963", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72d6f00b-3bee-5eb4-8599-2bcff0bee2fd", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53d0ab60-0ba4-55b7-84a8-6fdc766bdd68", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c07510e-d8c5-550f-95bf-ec902138082a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8afb755-3b34-5427-bde3-0bd672d951be", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0e40c25-a141-593c-8764-aa9f1a9b37b4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7b9c56f-e287-53ff-8e63-81048dd90f35", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40d2e215-3c2b-594f-a0a5-dc26daa6924a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60b02a2b-43a5-5449-a664-fb72bc1c771e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.1" } ] }