{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:eb91991e-3f86-59f9-abb1-e140745264b0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:632ab86a-29d7-5c69-a185-51d24123e24e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:81cbff8e-da97-510c-a0b4-c2d3778d9024", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e589121c-20ac-5adf-a712-d9a8a4ea7393", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68c6a448-0c4c-5299-82c5-1757d795f925", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c208090-bd7f-5a92-b8cd-a6cbd508175f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26a9406a-7cf4-5838-97a8-db112944652c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fd7612b-c7f1-52d5-a37f-1032a2cf1fc1", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:830e3259-6d79-547d-bf91-8735992293a8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31718e4e-76c3-518a-af46-ea31616ee0af", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e871bec1-2220-54d1-b94b-e8511466d38f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e78ba714-64cd-5973-abb3-b1da28d97e1d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f94069a4-76d2-58ab-a435-1fcb578421f1", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1f92e01-a6af-5bed-8e08-bd8f62e4f4f9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2e89db5-cac7-5277-b428-00edb32a112a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9404ee4f-16c4-5ada-904c-a220607c49d8", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bdfdcf37-99af-56af-828d-863c384f2b73", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df910b9f-5a0b-5806-b4b8-d274059292ff", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28399f29-b6cd-587c-9f06-eb01d86bc3b9", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15338eee-8749-5f73-b12e-f642a84ade25", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad812028-4b54-53a6-91a4-6be5f3c768f1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16ea0a83-c5d2-5e43-83d4-29e3b49e116f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2cb41b1-bc1f-5ab7-8fde-2ad95c172586", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f25321c0-b51d-5983-a1cc-8d744d3f5f0d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d5c6b24-3cb6-5038-9ecc-2e7a9e610aba", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9126e74a-0c9c-5cfc-b854-55fe5c7a47b0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13c1da04-cb5e-5a5c-b7a3-53c19e3b2ef5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c1bec6b-bd87-5904-81df-6379136b2b96", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:877c0ac5-aa31-54c6-899e-56a1032b06ee", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61c46f11-d2a1-57c4-a709-f51ac24f1a62", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3921837-02db-5d9b-9c11-f608313e3522", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f38ae13d-f4a0-5aa0-afb6-9c6d5ec9c516", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ae76e08-1372-5249-b440-4eab0ff837fd", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ae6d192-82d0-5ea4-aac6-ae1c0b622274", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5d15f7ed-4dd7-5a25-bd2b-584e2edac82c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32b50c59-96a3-59c5-93e8-afe2832fdcfd", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df7c91a6-2087-5836-815a-030225894108", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c3322866-a79d-5d2c-9688-7bc97fef5d30", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.29-tuxcare.4" } ] }