{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:33804f28-a611-58d3-86b7-f9648ade1e1d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1c9e3aec-81f9-57f8-a4f4-e437d32ece21", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5254e193-f92d-5ca9-aa3f-e0cf6d9664fe", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1bb9bd7-b5a2-5f38-bc1f-a7c0e318f635", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b0b7936-8dc9-53d8-946d-593a86d6501d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:86836ded-17b5-5bc4-a327-527d4ba3ce5c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fafcce8-6971-5ea7-a24b-fb9a22727c11", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2dd1d90-7edd-5887-be3a-c07380a73bc7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b94367d6-4c33-5d8c-b9e4-7f2b6b64a719", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2394f796-6106-57e4-910b-b14c43dfae19", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4aaf7ad3-2474-5bb6-97f7-0313a1bdc891", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5d32b615-840a-583c-ba29-44d7e560fc30", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:58ea3b81-7b82-51f1-9b73-ead5573f09de", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4abb5bb0-e4b4-5f72-8d56-64af57696e9d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f0e291b-d460-559c-8729-e398781a37ab", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8408d324-9869-538f-b708-620c8d40b5a8", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5f1f76f-34d0-5747-afad-afcd62cd826a", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2bf5a66-218e-5d82-911c-e4572036ac4a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16102b9a-6a06-58e8-837e-9eea3533f910", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dde89c00-38f2-528d-b120-bfe0409f3b5e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5d660709-9ed1-51bd-90b9-41dbf5529dfd", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83b49900-1b20-5c47-a7cb-c7680690da21", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:952fc337-b904-5b2e-9743-9ada9cd585f4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b67b21a6-7cf9-548e-add9-764f2e7169cb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1299a251-a1ee-5126-bc62-a36bc16c3d6d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c1d5cb85-220d-5984-9d50-0ab898904fb5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9bec5b6-4ac5-5e3f-95c4-c283ea7d70dd", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a553563f-6f44-5780-b682-47406be3f75d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebcd137a-4028-5b4e-98ca-2537fed07c01", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e600f27c-d9c2-52ac-99fb-2ff87e447b01", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a159743-9585-56c0-8942-60d98fb39d57", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fea57088-a49a-599a-aeb2-ed1c475fe252", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bc283ab-64c6-54ac-86fe-0317931c4b64", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c38f55b5-145f-5d7e-bf92-9eca69b5ab35", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5266d277-a0e2-575d-b4e1-ba88eda152eb", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:245fc345-caef-5d65-9afa-a096e64c7325", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08d8bd62-1ba9-5951-8fba-8294be23d9a0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:118afe9b-a32d-5882-b9ba-ee38107b1e47", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.4" } ] }