{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e1bd2755-6033-5960-9e17-bb2adea79145", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:41dc56f7-e1a7-552e-ba99-f2c65cffa163", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a7e83bbf-496f-5b8a-b998-866c83547fe3", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:de6b4858-5e54-5c98-9fdd-7321fefde1ae", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6167084a-a9c4-526e-aac1-57b79828333a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:578626dc-317f-5e08-828d-616e1329587e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c32dcc5f-6051-56b1-9cc9-c2a04ed41125", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cbd453b3-5e8b-506b-aebf-4258e22f583e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e6d13a6b-08a4-5560-834b-53b80fe3baf5", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d9378869-e311-5fc7-8436-6c829067cd00", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f5d24d21-870b-58b3-9d44-0119d8f04ec3", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d15ac840-978a-5f32-9a0f-a6ad39cd2230", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:08943a7c-839a-59f1-997d-ea68e3c6b6e6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:08a04117-914f-561b-a07e-992de958b85a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:66fa00fa-e476-5735-8a9b-e2bd15d87b33", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6a708797-dc5b-5e3b-afcd-e1ff68185460", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:77ff4c44-18b8-5593-b23b-59ac28fd34bb", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9e1e213e-c5ce-54a5-8fd6-1785b9040baf", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:48dd48e1-65b9-57bb-b638-4b1fe12adac0", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1df187da-e695-52f0-9c12-6e1082d1fdcd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e16cd8f0-aab5-5039-86be-13941146ab46", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ca4c697e-5536-53a9-b52a-319601f5bd2c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3162ce78-899b-5173-a93e-8464eeaff2bc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1875f717-7eff-54c2-84cf-bb78483645ff", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4c006b76-2bd3-5ed2-b681-9f076d23e1cc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:90c6aeee-1723-5e8a-a0bb-16833d726f2e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:48bd6cf8-a6d7-505f-b1c2-a1cfb2658cb4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8c896a75-6fb1-5741-884d-7ba0f14e4a65", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:879a1db9-697d-5c41-8fb4-35dde74e8119", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ac94a0a-c12b-586d-9521-7cdc4ce5c8f7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:177adb8f-0451-5cdd-b76d-8f23c00ca2f3", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:35c7e4b5-51ff-5904-860b-c0ac82c32d6c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:74bb5e38-c012-5dff-a206-733cba5917cf", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e4865f15-d576-55f1-b598-80e9a056b649", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a4948c90-7f90-50fb-939f-b1ed87fa7a98", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d67f22d1-7802-52ef-a8f2-0839837cc9a1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3e99e21e-b5dc-5bd2-8d67-ebac55a23202", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:357bcece-c1cf-56f4-b593-001acc4755ec", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.5" } ] }