{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:be6e2a07-82d8-51da-92ad-ace3d60d6107", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.39.tuxcare.6", "purl": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c82bef02-d279-51d5-a920-88c5b6e45a3e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:74d62e28-9408-57e4-8b13-b58a1b839197", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-test. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:740ec01f-cb92-5787-9e1e-27759d2a33da", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b43278aa-e31f-5b77-bd55-b3d9c25dde4d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bffd651a-9a6e-5cf1-8a4f-227a012fbc09", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:56307c05-c003-57ed-aff4-af6dddccd11e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:376646c2-5ae5-5c04-b4ec-def8bc80231f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:092333fc-8085-55cb-998b-453cf305b3a1", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.39.tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cfec6bc4-57fb-5172-ae2e-d3ee942e056c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:335646bf-f8ff-54d2-a584-988a7677a9b6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:58b0f389-f52b-575e-9954-09aab303651f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:63e7fe81-e649-5a17-b95d-9eb1fa077632", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:03a18383-41ae-5d4f-8739-ddb5e0dc810a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a78c03e5-1c80-5d5a-a68b-c02d58b8a346", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d1997457-8088-550c-a9e3-931cb1b4ea5a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:708f0290-bfdb-5d58-9cff-369d807b621d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e831c940-ce10-53fe-9efc-34b9dd631be7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a6b59660-a873-5cb3-983e-eaad8034d981", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e35e1bb4-6d1c-534b-83eb-048c303b68a2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-test. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f12bf4ed-92df-5396-b59c-8148f55633c4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bd50ce49-9ccc-52f1-b977-9c328bbc32d5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f0d8770a-7c77-594b-ac50-a8247d112bb7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:10809e0c-15ec-597a-b66c-7bc88ab1255e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:89e224ac-162e-50b7-9e5e-bb2dc1e0d8d0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:446da9bb-211f-518f-82bb-db1d93b2a298", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ebbe5b3d-f901-5804-961e-612c238113d7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8db0bbf4-3d45-56c1-b4e2-ba28835b3faf", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6f0b6a0a-188e-5c2c-a660-7329ece25347", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9034240f-bf07-538d-a93e-44634388fb1d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1b19cf74-fcc3-53f4-92ba-9efd2a4dccf6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:539e29f5-3868-5643-aaf4-ae81b9262078", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b3234275-abf8-5380-898b-9f889b239294", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e585e9f2-e2d0-527c-a5bd-069c3b0f330c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.39.tuxcare.6" } ] }