{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:14111c4d-1dde-58e2-bbb6-a326130a7783", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e5edf2db-d92e-5d67-a2bf-c62d457bb7b7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48c75f46-060d-5263-acdf-e604bd2a8da5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18223e9c-5049-59a1-8c27-917f8f1e9292", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6180f7af-bb1d-566a-bd8d-c73edf9d03b1", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10f1f62e-42cc-53cd-9b1d-f4f609efd462", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce87ed3a-2ddd-58de-9499-f02a39ca4c1a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71a501a9-eeee-5be9-9679-0f92ca289160", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:914a821e-1c72-566d-b25f-f1e1567746ec", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:415ee42e-7cff-5650-9209-a62a06caaad0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:facc8184-4f0a-56ae-9ada-b3ebea2fad26", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57aff5fe-4f17-5688-8598-70e9d7e6ee80", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dc1a0ee-8b7c-5f3c-bd8d-26663965c153", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b24565f8-bae9-5882-9d3f-a26d898e2b7e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee2dbc10-dc68-530b-9eb3-f976cc19cb4c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db41415b-36f3-527e-a4c7-7ee1013d741d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65586b45-fb5f-59ff-9cd2-bacb6f577b49", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63f0395c-4ace-5373-a591-4c5de35dba56", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79401541-1383-56c8-be80-ad85ffaef900", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2afaa412-a0a4-5432-a362-34cc342c339f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa3bc25b-1d72-5083-bf08-961e9f021905", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:969f9fb8-9af4-5fe4-9620-68cb49880f03", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cbf7d482-248e-5b9a-ac77-84cebd25cba0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-context-support. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ae92df0-a1cd-5fd8-aabc-567f54671462", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a43aaba4-6bce-5b32-8f89-bf8f41f84092", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ecc88c4d-e4b7-5671-9bca-0e3de2719fb4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d24f4c2c-cc32-5f3a-9552-a7fe804b96c7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:378efbff-ccdf-5300-91f4-78e789ecda06", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52f5e01c-ef60-51ef-a887-38fe4f323471", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37d3f5db-89e2-5f57-8e8a-42ec40d7b5c7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f41d4775-3400-579d-b977-13ad0507d8c2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58a62fa8-de81-55d1-b7ee-e78fa9d7f862", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21ed4e73-2e91-585f-8c2c-e84c7c7406df", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f92d4e7-e146-5d35-abdf-0de972e13bce", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8bca59b4-e5d6-5c9e-9b24-0bf934cf61e0", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9050772c-124e-53fd-a5fe-50295cb3554a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bfa5d2c-1f35-5780-9ef9-bc153383a1a0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.2" } ] }