{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:85c2163c-03c7-5ed1-ba81-5fe0463d25a8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:21c17c85-cde2-544c-92d7-f13ceefa164c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ceb6fcee-37b1-5bb1-9295-93baef4005af", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a6cc8d0-7c5b-529e-a447-95f93201d1f3", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:374fef3b-bfe1-5c14-9ae2-15f56181916d", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8c4b481-40f1-5854-a5d8-ef058eaf0143", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92c87395-38c3-5a42-ab55-f8adb22cc84a", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f19208f-2a9d-5448-9746-d73569475a9e", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c51ca10-13cb-58da-a961-f229fbd87b3b", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:047f675f-2a5b-5e7a-ad3d-5e3e5c403f31", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:056661df-c090-51e5-aad2-33fe06f16f74", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0e6b211-4972-580c-9f8f-5a983920a0b9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b702a38-34f4-5cca-81fb-a534fc130e35", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03af5b82-a637-5dd5-8eca-0c191770d650", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c4df21b-4fa8-5ec3-895d-344240015b4f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8253bf57-4a48-54d6-b718-f0c511eeb509", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:210117f2-8a61-505d-8afa-1fb12da099d7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bfbcabe2-eec4-59a6-aa5d-fc2862f052fb", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2fd110e6-6b3e-5325-8ec5-b889fc05aa30", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a46891e5-9ca6-5fef-a31f-5d3ee699bcc3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7452cef1-ae21-50dd-a94a-24fb9e9584f7", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e70884bf-96a6-55ed-be34-eaf4c340de88", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b00c19f-d38b-5fcb-b124-940bafe37184", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04e0a3b2-c95f-519d-a197-e17493dc80c1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5043247-9d80-5826-aa4e-b2851c3e28a3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff8ccd00-7386-53d3-8582-e71eff8d5157", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19eebb22-f787-5217-bc71-ef237406430a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48c5d29c-d6f4-5723-ac79-b9e2d2d424a8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6008a783-34ae-5c5a-b020-51c3205eaf09", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6013cc8c-d95f-5da2-9e1d-7d9415a4ce15", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:865dd288-1757-5cfc-9924-1eecae51eaf6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91b26cfe-492a-5af8-a5f3-b70c1681f334", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45ee06dc-229e-596a-a01e-fb87bf532750", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f57eb678-8a33-5d94-8a3d-659ffbcb6444", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b65a7475-6b8f-5ef9-aac4-fc7e080d798e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cacaed4-1a97-5255-8463-5847fd1426dc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b4b34e1-98b8-5119-96cc-6d9d0a38583b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b70645cb-fc8a-533b-9c36-aae2015bb464", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.29-tuxcare.1" } ] }