{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1a485a8b-fb09-57e2-a5f9-8ac9b4743485", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ccb8416d-419d-5b21-8c93-94b1e02cda46", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8f48cc1-da3a-56b8-9992-a96f820d92bd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d33b04f-e328-52d7-a218-f260472e5230", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bbf0421-8907-5a5d-b79f-514475d271c6", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:819385d8-4ae0-509a-a8d1-998dd29e830f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c2a122f2-4152-5b3f-853f-f1f00dd2482c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4fab37e0-0e55-58aa-ab2e-4bd09cdf51d7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a0a13fa-07e7-5874-9611-4c9563e588a9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24a78517-5711-524a-b317-112c5d3d0518", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47ca4d8b-f6c2-5af1-9a09-c9f5ca6bfebf", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68064eeb-3907-5a7d-a1a6-b333c7891cff", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4d3b810-3e43-5c30-a1bf-97dcad8fa356", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da5097ca-81da-5486-b201-f8b1eba8e0c7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0619b6ee-baa3-5938-b598-abefbc103561", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:587d5106-59dd-5d22-a38f-8c905cada738", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29d31b4b-84fe-5a66-b12a-2da6a4e1cd54", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e473fd28-166d-57c6-af73-33d7a251e02b", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c63ebad-cab9-54d4-b633-d2e278ec4d9f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:376b46d3-5721-5138-a98c-8ade18c12a82", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:27a5217e-2e63-51b9-b94c-52c0649bd37c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9174d079-172e-5acd-9433-6af037aaa5cb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:174550d4-de94-5492-9d70-00b0004f47fd", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d8d3b06-ac08-5d6f-9089-e736f330a040", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3babcffa-d37e-53f0-8ddd-aea009913b76", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:104cacee-703b-504f-8166-e8006a7d7e5c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de21a945-86dc-54f7-9698-20dd50be7b36", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a21bcff5-2e14-56ef-9d18-28d629c49c26", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bcfeed2-9a7e-5775-8055-6b23447d49ab", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38a80a5b-8881-5a89-9eb3-b2551e3bf0e9", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ac7cf05-34e0-578d-bc4c-3779940b3b9e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08c49897-1270-5aef-b633-e2ef485b5c2f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7dbace1-a357-5b2a-af62-bce0c3184354", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6137a28b-7dc3-5de7-abf0-d50f607cd46f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a5e6344-0ed1-5a84-80c4-4f5142b08f64", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d4ec676-821a-5fa4-be9d-a2e2beaf4db3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13a9da4d-eea1-59eb-9e18-84c5b4a81097", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.3" } ] }