{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9c9c6a9d-fb39-5a71-bb40-177b96a13fe3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9eba39e9-a285-51cf-be80-3490e3c463cc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a5b4c14-d81a-52a6-8e35-1590f1a0c039", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96c246ef-5a04-599a-8d74-1ef32ed57446", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a93bdacb-6808-5a61-b4a0-646155995f7e", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fee8f2e2-61b0-534a-9258-d16174b7909b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:417818e5-4da7-534b-8a80-6ccbffe97db1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5b02b5d-dcde-5ced-b09c-67a39bd2e45a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0884b136-fef4-5068-b5d8-6afd4ca6bbbd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a01801c-acad-50cb-afd9-b8f2e65eb30f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ee98ad5-d066-5488-b2a2-91c28d3e7b03", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89da7389-5be5-5e51-abe6-991201765937", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2dfa5f9-479b-5845-8adb-96d9d654dbb5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a76d8666-8ab5-59fb-98bd-ccb739663aaf", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:568a9bd5-a687-599d-b23a-88a1d5ab36c5", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98ecce15-10b7-51b6-8284-df1ea1bac5b1", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a8d92b8-f8b5-5479-8431-91c213d1a210", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7a4188b-9b5d-5336-90ea-5578be3a2d11", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d16f56d2-4635-5cef-9e46-28a9e87552b0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f27ca378-73f0-536c-995c-720a6f3dc99b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d500fb12-8d2d-566d-82d4-12a80a3d2181", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3591eeb5-f5cb-55ac-aaf1-91cc106b7aad", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b522577-8a5a-55c9-833a-3fc7c97d5670", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:480a1a4b-87c8-5f41-b83f-aaede9466e84", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64031641-5213-5601-af21-4d73b4151619", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a228d54f-fbd6-573e-bf1c-2173b6a72f30", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:789db89d-883c-5be4-b52c-b869f23564f4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ae35e30-0fa1-5027-b799-ec794cc8fedf", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13f302d7-e47d-5fe7-a20c-53233bd42c77", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7d0b5c9-937e-5c0f-b047-ef04df429f5e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6955991c-dd60-502f-afb0-950cf7e0d19c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:100311fa-2a9a-5a77-8504-577fbda6c3cc", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7230c9b1-7347-5243-81db-98455772fe08", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d0daf84-7b73-5315-a140-3cb64680317e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb5f23f7-a09a-512d-a4b9-4c80ffc9ba54", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f006058-0d4a-50df-870b-a6cfa741ccf7", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb8576a7-32fe-50ff-a866-be06b40b5e66", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.2" } ] }