{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:16b0b915-59fe-588e-9a0f-acc8b83161a1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.39-tuxcare.11", "purl": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4de47373-a33a-5e5f-934a-79b53a4ac6c7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:caf6b97e-1154-5314-94f6-0185c75d047b", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-test. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:93a96b32-934d-53fb-a360-4d0279016f3b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:af02eee4-91e2-5370-a3b1-da98aa77958d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:ceec6f6e-2fd8-5815-84ad-8db643cf075e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:57526bdb-9bac-5f44-8183-3657cc9cd1c9", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:0ed8133a-c522-580e-a987-e2e65c011c16", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:906334c9-ba7f-5442-842c-8d485d87de72", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.39-tuxcare.11." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:c682a121-6049-559e-8fab-099419f7c901", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:59031b97-1893-56bc-be73-a6859a39b867", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e50f5c97-766e-5a00-b93a-c22f7f316313", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:8181cffd-6d44-5603-9b74-2534510aef07", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e7cb16ce-d415-56ee-bc22-0730eee30ae1", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:22541242-0303-5619-a1f9-d9b1abdbcbf3", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:25a22ebb-0a87-5da6-a638-aa554040affd", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:5d65f3b5-2091-59da-8d50-f517d78194be", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:a1f4d846-db8c-5f16-878b-e9aad65e3dbb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:564f7f1f-3035-5cb1-bbc0-ed40e2bcf8f5", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:5945905e-d485-5d9c-a935-27de3b3e97ea", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-test. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d2d545b1-ba30-5c08-abab-cc46a1272702", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:0a2df4f3-dfb9-549c-8587-9a94baa48f9b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e4febd2a-f668-5c1f-8970-b7bb328cc95d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:453c0788-3a52-5d41-845d-10c8b59f4912", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:c31c1119-22e1-5587-a72a-775fb9a9a18a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:446d33ad-90d0-537b-b34b-b487f4cbe8e9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:7b2dcb5a-9bf4-5c66-be60-610b64f55aae", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4dd92671-5b16-5008-92ce-3cfb04bf2e36", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d605e68a-b93e-53f1-ae6a-8be8663ec343", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:be3e8bcb-80b1-5d87-8444-3a1d13e02237", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d952ab5c-a71c-5b2d-b585-f54c375aed3d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:b16d84c4-d215-5672-8bb1-bf8b31cd15d5", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:88925c85-fe40-5509-b49d-0b58a1eb5a3f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:37a9df3b-b15f-5f09-97f2-6320094b96d0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.11 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.11" } ] }