{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b2fdb78e-5207-59e5-ab49-3032387a8d42", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:167a74f2-8b2a-5638-93ab-683d049fa863", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e77f97d-fd7d-5f5e-a610-3ddf0d73f4e8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fcca6d4f-111b-598b-893d-b37e6ac2d55a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85fd3eb9-36c3-5ec9-bbff-1507589744aa", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a35bca3-c895-56b7-b717-94801167246d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:248e28a2-0f22-5ba2-840a-b8b4949d7cd7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:235b7574-4d7b-5a6c-8c08-fe13d8c16b88", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d5986c3-eb09-524d-9180-cfcda353e940", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:831a3e32-44c1-51ba-943e-5be6f4f4cd9a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e0719a3-a407-5c54-88ab-b1bf1927d5c7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fa557acd-ce68-50d7-8e6d-5d1c1973d210", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:954c664c-7f21-5d92-8b53-d7ed18e70929", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3eb5ad6a-7f59-5711-8385-210a0fd1c2b1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a9cff8c-a877-5bce-bfee-67cae9030044", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b8e515a-eff5-51a6-81d9-b36e03e686c8", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65000428-6fb5-5005-81ce-c4e1c142c06f", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87f9982f-f206-5808-b727-edc0af9a96a6", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91697948-7a6d-5dfa-bafe-194abe66a353", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8405c312-9329-54ed-9da6-36addd43b31c", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b72ab4ee-1323-5eff-8b58-f12256813121", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1cd62ead-0d82-503b-be82-f1dcf83019d0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98e4d2ff-04b4-5645-ac80-410e69c2043e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45ca19f8-1eee-5b4f-90ed-517c2c1fe8e3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:724b22eb-3cef-5d5e-90ad-8c76fac3c63e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64bb596f-60c7-528a-9401-fc6b3f277b9c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:263bc468-dfbb-5b00-b0d4-0ac3a317efc0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d8a8563-fe8d-5a62-bc89-46f5e510e5ad", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:483324ad-bfc8-52ab-8696-154db095dbdc", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8428b34d-3683-5d97-9721-e2d7e243970a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0cd7724-bf1e-50a8-9e87-e49059a35fda", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1166a9b-fa71-5120-997c-4900818239b7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46bb5c82-44a2-543c-8a9d-c69a977720bb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b242bea-76e3-56f6-9dc1-3e00232abb44", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:683c4954-0a03-5adc-ac16-29b740ab789e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f84c0022-8df6-5f06-8b43-d352aa09660e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91385ac6-5967-5c69-9523-0e15d6a28f9b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.30-tuxcare.4" } ] }