{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e1d0dab8-a980-5c49-b467-8e073e67458d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.39.tuxcare.3", "purl": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:99954561-4611-5e6c-9ff8-e6605dd4cf03", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d54ac30-2bc6-556c-8670-7279311057f5", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.3 of org.springframework:spring-test. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da443a79-a93d-5489-a045-45eb29846e7c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d726052d-a290-5846-8419-d02b1729e3cf", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e3b60e9-4b3c-52cf-b32b-09af1bdfe5da", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c9dce67-3b72-57da-86b8-5744b77db741", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96faba44-138a-522a-9579-6f095cc27b75", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7392cd84-df79-5b27-93d8-fa56cbb00c15", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.39.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56a8b87e-df94-5d05-a292-660dd0a3b077", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2a06a0d-43a5-53d8-87ec-55dd60a1039f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e546352a-09f1-5b3d-bc75-5448514fb31e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44f02da1-6669-5304-9057-fe76a5cb9a28", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a27f6ae-09bf-5639-8f1b-fd4bea8841f9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e65b54d0-8629-5a9c-966c-dae582dbb9ae", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffe1868b-1b43-586a-a0d4-560c3cdcf422", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5160ca4b-f5c3-50fc-968c-8232b4abeeca", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18977528-56b2-52d4-ad33-d6cadcebda40", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e6587b2-6aaf-59a3-add6-6d21868cc440", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2caf7a4d-d65d-5ce0-9a79-453133728267", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.3 of org.springframework:spring-test. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ef22001-98cb-57e5-98ab-95742c27a601", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08fb11d3-b7e1-5145-8e3d-ac9410f96b8c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8aafeebf-bfcd-5d2f-8ffd-e31f79cb2685", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6196025a-7778-597d-b1ad-a9161b3a34cb", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a14a4e3-3dfe-50a6-b44c-2ed3b1d55cbe", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76d4d82b-00d1-50cd-a64f-dd20d964cd45", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28b6783d-9bf3-5a56-a01d-da175806ad0c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8332c683-e51e-52a4-b3d0-d01e255eb903", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66be466d-8efb-5ad5-9168-11bffcce8813", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e00aadf-0c71-582c-94dc-a06e37999db0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:269e8e9f-f9f7-5692-956e-a7c81aa73517", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74485dd2-5fbb-5bb9-8741-2520662d2e22", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64aa62ff-64e5-5697-92b7-22f92ef74cf0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d928c150-5c54-55d2-afdf-b5d93ca55027", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.3" } ] }