{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9ffb3b9d-3584-55ea-a04d-09ff52515c16", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8f944c49-eade-5a76-be5d-2c2027dff8ee", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c785247-16ec-572a-a185-39f37eba8d56", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9891d031-67dc-55d7-b6ba-37c0e4a32db0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9f949020-828a-5433-9537-70738bf7ab8f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec076208-cb1a-5fcb-9533-6aeb4a6057ae", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5481eff5-e9be-5728-926f-e74988e8e019", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa058b48-ac4f-5a74-9831-9b3c2fd06a7c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61ac3039-3399-58a7-a855-163725b42792", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94c5b139-4326-56aa-a468-11b713993e64", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2887ac8-dcef-5136-bfd2-3a8f305a7392", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca4c6195-1213-5e4c-89bf-f25d12215fad", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b21a639-39d4-572f-b614-3a73f89f6a0c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12ad3d8b-d3a3-51e5-9502-d56375de0a95", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cabcf22e-e451-56f1-8133-22ea15a9b40f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb3c054b-4069-5ba0-b5c4-499d6d684191", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae54914f-4fb9-5d96-a55f-5284e030df95", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74ac86c4-4fd8-5e50-a164-8845f00f56f2", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38fb251a-a1b1-5731-a037-d7e2fdab0896", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a94ef958-3f26-5fbd-a9af-c69ec67a2669", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5f19262-3136-59d7-8e96-a179eb578a00", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5dc6b97-4908-57a6-aa63-7e29a5116833", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3bfca2a7-150f-5c7f-8cbb-74b3ffdb26a7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-context. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:39e4bcb3-159b-5d71-b2b3-cefa63f566a7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fef9519-6716-5bf6-96fa-48d45ea9b3b7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f0ebf68-a1e1-5dea-b1b6-f589d036c7e5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1bb271b2-8a48-5fbc-903c-5f243df61e65", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7057b398-2bd2-5311-a69f-5327c2e45eb7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9612b30-7ad0-58de-bd37-a3bc95927448", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:567db38d-8876-52ef-b68f-f08792713e41", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0de1ebbf-1056-5bcd-8d05-bd540a14400f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3db06107-d770-5ffa-ba5e-8e8f209528c2", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc4dab14-ae81-5e6e-b317-00f5d1e4c830", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:260e50f1-f645-510a-8f21-fca031cbf4db", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de418bfd-05e5-5357-b2b3-113f60325651", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c1ad6e8-cf89-5c53-aa5a-1efa693d507c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5735f3d-97f6-5d0f-9e86-dab884ab7305", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.30-tuxcare.3" } ] }