{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1140495a-f996-5c62-84ac-bff9a3ddf0a6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.39-tuxcare.10", "purl": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a3713800-303a-5458-8018-2811c9a4a468", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d7df392c-9a50-59ec-9a56-f3779344304d", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-test. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:4b79d372-07b3-5f44-b00f-cee755f79dd6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6760f528-7bbc-53b8-b3c2-e1dc399b56fb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:afe901c4-a176-51cd-b96d-f0dbcff89b8c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c70342a7-d5d4-5230-b3a2-285f62cfaf7a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:7a45297f-2253-5bea-a0a8-e1a2321b87a1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1863145a-5899-5ab0-9cc0-7ac508f79752", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.39-tuxcare.10." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:e09e8749-a26b-59c9-8618-28f6eaf77615", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:38ead207-e4ca-5886-bd62-92588718cbaa", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f2459acc-6f1b-5198-9f01-8b49fee96dee", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:0937e4ad-6b95-57cc-bb03-1d6496a76a69", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d6319e79-04f6-5cf2-91bf-14476328c133", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:56f07611-7a9b-5f74-8b28-8ef5a8c19d73", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:63194ccc-d520-5ed7-a97e-57198e56c9e5", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:2551a21f-c6d7-559f-9bd5-c53fe18b5edb", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ba2dd827-c959-5016-ba00-c6fbc70d3b3c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d2c67610-0d5d-5acc-8cf9-14c0865c68df", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ba48de7f-c352-5544-9f95-c564c6076e99", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-test. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3f8a5cff-be96-5b05-a7fa-6a45557914d2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:655f843f-61da-5a08-8874-c8083e9b6ef7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:8bb01f20-9eba-556a-9144-d01f34e2502a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d8f39afa-ce1d-5529-9d2e-37d80d39e848", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:cba2eb71-bc95-50c4-99b5-388c94af65e1", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6c4d4740-7252-5c64-9275-d9cc5a37e596", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:9f1bf2cd-91f3-5553-b4ab-380f8cdeef59", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5dcc48e2-f4c8-583d-9476-170a67c03638", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:75c418ea-9280-5456-92b7-15acb5ffb8ba", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f76fd25b-7eec-5d4b-a9fb-5493931afd9c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ae42102e-549b-5e77-a07c-2d1728098276", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f516232e-622b-5ef1-9ba7-394e004bfdf6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:31c7d845-467f-568f-8491-5be8ed48e6cd", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c91d1677-961f-54bc-bb42-1371c31ea244", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.10 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.10" } ] }