{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3bec0c02-d937-5c00-9824-d00af5b7ad8f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ec5177f3-1319-583c-876f-aa6475a5a644", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3247f1ea-6791-51de-b600-05db1b50b03d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3a9730f8-b867-5509-9fb2-d06ff72bf22b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:859dce04-4784-5fce-8577-8eb98edb12ae", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f0c6f9b7-1d1a-51d2-8f0f-875fc199589e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:be247745-5c80-51d5-8684-8aa593e02f90", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b94dfa62-06e4-5188-a48b-27b6b4d750af", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b97f109-5ee3-5ff4-b59a-ae2bc9166da4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b94a69c1-8b47-540f-84dc-4b962a400469", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6b7107c1-bd62-5e31-b2dd-fc44b6634433", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4b46f62f-1853-55bd-8182-b2bd8dcc7cb1", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b43112e0-a7e2-5fcf-a8de-05112a22cbcf", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:43278210-d2df-5f2c-a9e2-623446ed8beb", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dfb13388-b98a-5bb8-beca-50edb8c5c6f9", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e1246924-4ec7-5390-965c-eb99c9a22594", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a7744444-efc6-5354-8677-ea5475b94f33", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2cffc6b0-705b-51af-962d-f5a8af24a4c5", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ed5fb250-4d5c-5f07-92ca-5429a9e32a5e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c3d97497-cc1d-5dc5-a5d2-3249ef227f58", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a1fdf393-ec8b-5148-8a14-9806b89728ad", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7e33f3ea-14f4-5cb9-b5e8-c1672fd6ecfd", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6944fa05-2e74-5db0-aff0-63bd23bc6214", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f0b292f9-7a15-5e68-adec-a8e035ff193e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:34810591-0d83-561e-9941-d63d9d09334c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:10fd4282-510c-541b-8a81-618d1c29c5a2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:aff6a7e2-212c-5db5-9dea-37a3952014b0", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e87a8c7f-48d6-55fd-a4ef-161d0002e4c5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f5d06ba9-d558-568e-86ea-f69e1bffe065", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:76a92734-c170-561d-983b-180c869ef993", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6ba0e5d8-8bb0-5b09-b4ac-aac4e1957a40", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3a51ec9a-8b62-5a30-9655-db7f857dc6d2", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:96c65a93-7b1b-53de-8871-a3c40af07e46", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a458114b-72b9-5cdc-8e65-0473293aa57c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.6" } ] }