{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:077cea62-4bac-50f9-90ba-7885b6fbd31a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.39-tuxcare.9", "purl": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ec86b669-4551-5840-8ec5-29954a61e615", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:6594f2b8-53f6-52da-a06d-c1d803e6d7d3", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.9 of org.springframework:spring-test. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:1297bf32-8b41-5cbc-b47e-7866a8bd1dfd", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:cd683b92-54ec-5cc5-961c-61c96f8b626c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:bf45565d-2452-5cd8-82f2-0b850ee6b018", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:9b98d4f7-9473-5510-8d55-a2f5a0ee9e46", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:91c8dceb-d23b-534a-b0a2-82b61f857198", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:7a41f1d0-453d-5644-8651-951f5ceff158", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.39-tuxcare.9." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:e696cb78-e89e-53c3-8cce-853d8257f196", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:06705a4a-056d-5123-812a-178422d254e8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:3aa33f08-21f0-542a-93bb-24587562366e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:f2e8d369-1e21-59d3-be7b-07b2181f3b2a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:433ab786-f5be-5cbe-ad72-33b0c70725ec", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:f1041a3e-9685-5f77-ac2d-accc88721806", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:9d59e94d-6c65-5d03-afa6-850911b76fc7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:caf102ad-60fa-55fe-9935-d45d3986a3d3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:6ac5b612-ffa9-557b-a249-761b18e82c10", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:90e0f508-ce17-5e0e-9560-437dedbd11c6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:fd392638-14c2-56e5-8e03-3648a0bfd594", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.9 of org.springframework:spring-test. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:29faa28a-98fd-588c-9462-54750a57573a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:2392b830-d830-5311-8a4e-6281dc8ca442", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:93f3fa6e-3612-52ea-ae23-0b0d44dea3bc", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0988bd8f-deb2-50ee-868c-2007514cb9c5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:74e676a1-7b5c-59e2-b697-0cf1070a277e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:351966fc-a1b6-5db3-9d7b-d00c47b90fc2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:8a7c82e3-0f4e-5c6e-8279-ce331f846441", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:582bbffa-7c01-5e63-b36a-f5ac7e7e789c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:f0798f5c-3fae-59bc-b3c5-0c266af4603e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:4f7eec97-cca4-57ca-a38f-356a1c81c6b6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:47ea4199-b46a-59c9-a9cd-e041523f905d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:46a8628a-3ee1-5541-acf6-a9749dffd422", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:a711c6e1-0430-5986-825f-0629427df5e3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:14c0e168-1c1f-516c-90fa-8cc2ca539781", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.9 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39-tuxcare.9" } ] }