{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c93ea5cf-1e9a-562d-bc02-1a1ef57d1a96", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a8f37809-fb16-55fd-8e87-492472b26a51", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23dd0f98-079b-582a-b8e4-1c43c5919f35", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cce048b-d54b-5006-94f3-850f4489f174", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2c6df36-8918-5cd4-a082-f921124c6631", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:187f31dd-24b9-59f6-b3a5-0f82937fd789", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdbcb100-ce11-5dca-b41e-f499136fe81f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dd38e70-d761-5d92-a950-fddfb100e2a0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5372d3a-d384-539a-8450-aa672dc9aa79", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37ac29f5-e8f4-5061-9354-2ea02862f790", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e31c9a5-cec5-5ea6-a0a1-eedeb3722680", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57a4414d-8d26-5759-b83c-7cebc19bfa40", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fbcca1f-8e91-51c1-9373-af7da04630b9", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f420f8dd-f05b-51a4-9226-3b6cc9a9c41d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03ffa891-32b8-50e3-ad2b-408fd20006b0", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d1a0724-ba68-50fe-8ef5-45724fd23cb1", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24c22436-30a2-5499-958c-b4bc8eee3cea", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:100ad65e-7bef-5c39-bfac-5ad8e4864204", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db42c989-2559-5257-bf14-95f2aa89e8a0", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2423911-b2cc-5a55-a9f9-9a6320bdc44e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0be7cc0-03a5-50a7-bc4a-cc33346c8c5f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53c3e187-2af4-5b6a-bbff-b9e49f422e00", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a3fc5a1-0bed-5cb4-8da1-42e40f5e8a02", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9bfad9a7-8907-56e6-b947-04ec3d53c8b0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52a89a18-64db-5fc7-a6b1-7cdeca0461b3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16f5748f-1c93-5922-b7dc-45de78b19bee", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f62e3c01-0061-5636-94d7-0dce6d234636", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1864eaed-9877-56a7-b7b0-b95b7de52f32", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4bce808e-f8d5-5217-b963-bbfdd1437a4b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef37e2cf-7d66-5cb2-a4cd-000a1d79666f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0365e5cc-3c7d-5343-beac-dde930ee2fca", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:581f0037-390a-5801-991a-1c7d2065f272", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c988cdf4-e658-5d8c-9b6e-9d2137d4b72d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e7d57bf-8917-5c57-bb41-8dc3fbd932fc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b02cd1bb-be55-5c13-88ba-f60c6cd7ea55", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db40c736-ce3f-5a96-a665-32bb7e0dddb3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c606937d-356c-5fdb-b369-7fa64709d2f4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81182c2d-c59e-5169-926b-3a235d9b9e3c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.2" } ] }