{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f23c6a4a-837b-509c-a908-c56e9f908601", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3fa4a5d3-c32a-562c-9db4-e7d18558fa9a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06159185-869b-56df-90f1-995608f7c7be", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a8942f9-6a6c-507b-ae62-8a50e6df4d9b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:34cd1c26-29e6-5664-a13c-56a0f31d334f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:37fc438c-328f-5317-8c4d-23a6410891c8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a35515a-4e00-5a4e-9478-4f83fdc85502", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6a63b74-56ac-58de-b247-332f6279a79f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e268ec0-31c7-5b54-bb8b-82542bff2d84", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:82c2e972-527a-579e-8d58-fdcce6c2b0ca", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9eda37aa-81f4-5a68-985b-9ee246898e0c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:732877d1-1d81-5971-af40-6202e4e92729", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae126785-590f-554b-8411-e71cca4ac374", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc415ef6-a698-50cb-a0c8-9d890f1c6086", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e16b0a94-f4e2-5fdf-8885-e0152175135b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4aceec0-fb68-59d8-b47b-dc58c0699354", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a950d77-8fd7-57f9-a259-17b001429fb5", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebd2e496-b650-5c53-8881-386b9b1bc42a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0358db84-9b9a-5f37-8191-178283e5e982", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:413b5c2e-64c7-5733-b27c-478ff1184422", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:619953d0-d8dc-520f-b216-da434ab29e15", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:82593917-4bf2-5429-86c4-91a81e89cacb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:19eb3376-af0b-53ff-ace6-4c26e5cc827d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5afdc9d6-c343-5ad2-a12e-5e6c884938e3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83701900-30c3-55f2-9408-d5ac93af0c33", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db1b9610-ce3d-5a46-9130-1d18766021d9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:448fc9e4-ad17-50ee-9b71-1e00a8053187", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d05fe71-7c02-57be-97ac-5e6006445db1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69243d8a-1038-5627-aade-4ee3905aaf07", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7092497c-6b68-5b49-a4f7-920cada71aaf", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e954c440-9aec-5756-91c6-d2abc83dfdb3", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc9e9c9f-f70a-58b7-a206-5581b999d382", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c679f72-8607-5793-adfe-58e97919cfc9", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a11a3b74-d8bd-5605-b721-f22fdf9ffa43", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd82dd09-3ed9-5c5b-b024-340277fba91c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0afbb4a5-ffa9-5476-8ec5-1139855f09df", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a88e969-766b-54ce-a98b-f6af3a08ad0b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5a6ed1e-582d-51ee-993a-bd8b01349469", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.4" } ] }