{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0a957053-6b9b-5b64-a6d0-ab9eef7e99c0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f113b6cd-6351-5a7d-825a-df3d25cb99ee", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f588896b-8e79-55af-8428-00431cccab2d", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0374fe25-91a3-5500-a4e7-54424945025b", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:303fda73-7843-55d8-83ba-b2c1dd26be3d", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6078b76c-1aa8-56aa-bf5f-516f908b0e98", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35507c40-12f3-5c3c-8ed1-ad686ad7272f", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6300ec93-655c-5070-b256-ba99ab286e2c", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e78fc05b-a10d-5d33-8974-a0b13c3f9096", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c14fbd35-8bff-5306-914b-7726d8b86c4f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:466da174-95ee-5266-a69c-03a99f0391e3", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88354e12-a94b-5298-a57c-42f501ed2407", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35babd59-be8b-527f-8981-80e20f12ddd5", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c1ef5bb-41da-5ce3-9692-4a167516cd51", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec5474a2-6a5d-5612-b9aa-037b556f0ede", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2c90af4-c1da-5fbb-8fca-732fa7514b25", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c878c8df-276d-5d30-b2fa-62dc9da72edf", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1236c6ad-4d36-5a8c-bc48-fc107cd004e4", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b604dc8-995e-5e80-8ad9-e8f6d611b274", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ceedc930-1f8d-54c9-8c9e-56a72d7ce7e3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f229d8ca-12f4-5173-90c7-6ce284a10f0c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58545cc7-f95b-5f49-b273-77a7fa0700b1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7ac8cff-6b3d-57bd-84de-6a9d35b31326", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:810d4e72-3bde-5c0a-b130-33f3afff27a8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:199827fe-496c-555e-a93c-3fc82f419efc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78ea1a58-c00f-5d98-bdd3-5bdf57469018", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd1e8e2f-d849-5bec-89a7-c5a4cd338f0a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a143dcb-5231-5211-bfe5-2697a6734527", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e307961-1556-5253-90b1-5852649696be", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15edd692-8ed3-5b0b-b007-f79ae47ad81c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83b09e7c-8bfe-5ea8-9fb1-edb832e72d12", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:faf0acde-0f12-5e9e-89fd-58ba02490e4e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdefaa1a-953d-501b-ab87-ed71aa0ae2a0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f833dbfb-44e7-5004-a6ff-7cce0f660d28", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66b0a577-a88d-5b33-ad7e-4eecdacb4009", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d94d70b1-9e21-597b-9678-e188b205f96d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dba2de28-f0a1-5a6c-9e80-d4dd9fab4ede", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3646b4b-69fb-562d-9bb0-9f2b368486d2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.29-tuxcare.1" } ] }