{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bb95a6b3-2edf-5926-ad6e-259d1e0ea0ac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.39.tuxcare.4", "purl": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c0cee3cb-dc6d-511f-bc56-27dab83e1cf8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dd655691-2162-5fea-a305-73adfd7c1991", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.4 of org.springframework:spring-test. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f60a51e-cd2f-5238-b98b-8f995aadabd6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e210a59-aa26-5e20-a07a-1712333798bd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9a0f2323-681f-5398-9544-cb5753c82d0a", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:997faf3d-0ef3-5c41-8429-bf5b5de2e1bb", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:82ab12b8-3ab7-5c1f-b36b-ae13df4ba53f", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a27ee009-becf-5060-bd97-38d314e00a31", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.39.tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:261cd776-37d1-585b-99c0-29c6d4c06c6b", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32ddcb5a-9cf1-5cd2-a747-2de89545ddb2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a2ff2f2-e48b-5638-b9f3-71c8c5b30697", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd66e67b-6086-5acd-9a5a-fd00d0b844fd", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:adf7353a-6d87-5bf5-8f81-7ab23e396a88", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b890fe36-0c77-50de-b65e-68e196b76858", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f78c06af-41e3-5783-9c69-b48f57748ebd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46deac53-f1e8-56f3-aa70-e753c0bfd58b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cfd88340-eefe-50da-9c28-83ea6cdbb9e3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67925545-228f-5bd1-a158-403b1621adba", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5cf0146-eb7f-50e0-8649-66674e63c803", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.4 of org.springframework:spring-test. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de96c945-85c4-518a-8d35-ba97f5047ec4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba24102a-3048-52d7-9244-1c9951433484", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:201f8648-883c-57de-9093-806eff3c5710", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae7b4aad-c4ef-57c1-9275-1bf7b1617b12", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28ff4bf2-56ef-5dde-aa44-f54bae294287", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8caaf499-cd9b-5a31-846b-5013dfe7e289", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a301a4c6-edab-5030-90f9-b81b41ef0881", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5dcab7fd-20db-596b-85bb-6e0d0d48ab8b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dddc9c89-f3b8-5a50-baec-5015062d019a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7569cb5-3fee-5858-a6b5-bdede09f9804", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c8e0fb4d-863a-5944-b0a4-8b9398af9be4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30db9316-56f5-588f-83b6-9fc17645e221", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6121619-81db-5364-8ea1-495bf4c98596", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }, { "bom-ref": "urn:uuid:72126a59-b06c-59d5-8dc7-33ecc8effc96", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.4" } ] }