{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:39d05ca8-e6dc-58d3-bd73-e8059865a1b3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0f2b45c7-6628-5b4c-89fd-f843d16adb6d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0222273c-b8ec-5c75-86c3-8d4dafbe692d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11df1a05-a316-5bd9-ab20-f9af379b9506", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:938220d5-37df-5847-a449-047a036607b5", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5c022bf-35a7-58a5-96f2-662f06c103cc", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63bdec23-2f28-548f-9374-4ec29770c580", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:823dc124-fe89-5dc8-a94e-54083c80178f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7005956e-d6f4-575f-800d-6937fd4e677f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f92bb92-6fc9-5794-8e44-f69b6b8c398c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d571b692-fa6f-5b4c-8649-1889105ffc6d", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:14afb56b-95a5-50d1-86b7-2554fc78bab4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5f83891-224c-52b0-8d30-775153fab4ba", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2693c2c0-c239-5ad4-ae2c-39b25105f299", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f8006f1-6610-56b9-a819-9e52b1070c2d", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:031af718-49ec-5578-9327-2ba37c025ac3", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26c3f877-547a-517f-b2bc-a8fb7da63dea", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:274a2217-7873-5d74-adaf-5357e13e2648", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1541fb4-0dd3-503a-8880-0f04551964ea", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0fe796d-ac84-551d-8c38-25338974dc44", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbc06570-f9ca-5cbf-8326-691071c63b4a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e33733c9-ab83-5a0c-b2b3-666a9a3594d5", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92e4511c-dbcc-5d7b-97d6-cbd702020238", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-context-support. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44a85ed1-9827-5132-aa76-d91778b26b3d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:23e240bd-abbe-5ec7-9199-bd140c86f926", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:668b179b-cb06-5ddf-83bc-f99bc4c6b537", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c087ab80-d113-5538-bc4b-8d4a85dbc27b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ed174d22-6f70-53b2-aaa7-4edeaf24e90b", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17eefc3a-a088-5b6e-bb28-b9b0ca88cf5b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b80813c4-5f5a-53e6-b8f2-e89c4643c21c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca8e3037-4a54-5741-af14-0fe39a7ba1de", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c089e4d9-dfd8-5e41-ad9c-4acf5b41b23a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d8eaad48-6c89-561f-8915-f09ffe191f10", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7dce4f8e-ef24-531b-a295-2ce093ed8e76", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d05dcc31-7ba9-5130-8715-c61530bedaf6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d80b388-1359-5768-983d-9c2bc168afb6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4220dea-cbb3-56d8-9544-56a10231ef30", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.30-tuxcare.4" } ] }