{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8f0a32f9-5a0e-5406-b510-ea68929ebf77", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8e334701-de2c-547e-aa59-114ceaaa69db", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b5d1ea32-ca80-5634-9282-e1d250a8ecc1", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3e5268b-72bc-58c3-9be1-12381bc400c3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c0f7a4ba-b9e8-5b66-94b6-ee31fb50923f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:67807fc6-c054-52b9-89ec-5903a51a6f46", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fa1d96de-19ef-5f77-9584-c815f23bbd04", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:38678364-873d-5a49-90a5-0391c9bc55ba", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:491e6fd1-91b5-50be-9ea4-406a7964cea6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bdd015b6-8325-5541-81ee-ff2f637436c9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f1d2c8a9-d271-555b-bc23-f8efb3169c15", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:37da1145-883f-5362-8a0c-3d9a9f2d0660", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4124dc65-22ae-5868-a916-6d3227de16f8", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2835c331-0844-5819-ac71-f537650c0ea8", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:38b03e16-8907-5e15-a545-683f8e1d4bb4", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5735939f-14bb-5a29-a906-89ff7c1a0a31", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:813c946e-336a-5ba5-8664-e44185f91cc7", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bf3cdf6c-7ccb-5ca3-a9cf-36c46c89229d", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a1c0152f-15bc-5ad6-aed0-3f7386909514", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:174c06f2-e6ad-5b8e-8f38-7db31e2d0bc8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e0fca0d-799e-546d-a8b3-09449cd7199e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:43348f6f-b1d5-5282-a789-331750fa781e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:92608d91-3cee-5f19-96f6-6f8a2fb12d67", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6f0b6a07-1be7-5a39-9dd0-4ecd98f7b553", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7900fd5-b7cc-5929-b7d7-4c66930a3663", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:11a0fef5-1996-5d09-8858-383a3f1bcf47", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:93428b70-fdeb-550e-ab7d-497a8d2dc4b8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8294e5f8-2ca6-5e05-8d34-af19af9d8fd5", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:67d8c7bb-c5d3-5ad5-aead-f139da8182ae", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:563583a6-147d-54db-b111-506dda29920b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9a1c3eda-779f-5e36-bf74-b24fdcab8012", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d4d55c21-0b58-5710-8397-702ccdfb5278", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:052d2944-c24a-5e9e-a3f6-7703a6e7b354", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f207d163-56af-54b7-8963-efda3c796901", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b27fbcb-f933-5923-b70d-f89784924bf4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8e204924-7ace-5830-9870-5218e8b2b461", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7352a55-ea89-50bd-ac4f-d71e4a80aba9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:476d0c51-89d9-55a0-94a2-53d32e4c0057", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.5" } ] }