{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:351f18f0-11c8-5d56-892a-c80a67dc361a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:adbbd6d9-87f5-5e1a-bb21-fe8340e6c345", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bf8b7db7-73e1-5f16-a6c2-69a2f27e8a32", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:aa92644c-d301-56ba-a6b4-e3990ac09e82", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:46c55c05-e95b-5235-8be9-b31e2856725e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d2b1c09d-6b58-50b1-8499-b58515d52e4f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6f6ced65-e163-51c5-8bd6-50ec542dd3c7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ca7ab92b-20e3-5998-b5da-6ef8936ee39c", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6b3e9a9b-cc86-5f5f-85a8-8188993c9576", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f1f5c61b-8410-503a-bde3-b3e67f943d40", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ead69f5d-03cc-5513-beb4-c77a853e3097", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e1d52638-291c-5434-bc62-88886aa1d22b", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1b3bc148-bef9-5dea-82c5-b20ad8626a0e", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0c9d2749-6c8d-5f91-aae9-214fb2854cd6", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:297faffa-b02d-584c-b1b6-7328425ef709", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f9092c0b-caf1-51d1-9aa1-91e835089e1b", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0be99048-fd97-537c-897e-3a3d3d70c1e4", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a9f658cb-de5a-568f-a981-1b74230bb9b7", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f52e840a-201f-5204-854f-0c6a756211f0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f413a0c1-82ac-5419-8f44-1d2578e3137c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:66f0a2ad-8c08-5b5a-96dc-8750f893c50e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9dbca7a8-41ef-5d8a-b96c-114974179558", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4453e5c8-dbef-56bc-90d1-38eadcacd97a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:68e06b2b-0cc6-5dc7-8671-19c74709457f", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:978c809f-07f9-5f79-9649-0555fff51990", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:22e8e3d8-bf8b-538b-9aef-09e1965bebf9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bee630f5-2e93-5e92-b71b-c391f3e791c7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:56fa3f24-9540-5e64-bba1-f4a0cacdfd26", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:21d2f192-b5ca-52f5-99d9-a3cb37da1d5d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a01a01c4-9b6c-5dc5-82cf-58c541b259f2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3a270e00-f16f-54d6-a4b8-5dbef62a9661", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cde150e5-8e51-558b-b3a2-e6c65aef23af", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dceb30dd-9b8c-52fe-bce3-a0d817b586ea", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:02ced3d1-f7ad-56eb-9cc9-8266522621d4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.37-tuxcare.7" } ] }