{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5f11c153-c35d-56fb-8997-bee21e749367", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1afa312e-61e3-5f37-82e6-0460490d0807", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf209018-e28a-54c1-acda-f3a5d5817a47", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbfadfcd-44ff-54c9-87c5-e6f585074c78", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1dbeeeb2-0b4a-5b52-bee3-f45c0ae42f78", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68ef8fc9-9d6e-5615-8c94-08b3f9835d0e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb7fc733-0359-57e6-b1f8-c837cdc4a194", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bbfd2342-2a82-5fd1-a3eb-b06a5acf9797", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9edc0922-d40e-533b-92f9-8f2613f40d8d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4728464-cc6c-5efa-928e-9b9d294a2b34", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac03be21-60d0-5d6e-897c-40c8e1fe2060", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:29154adf-9171-5d1d-ba89-17c59dea7456", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf6fb9c8-50d7-5855-99e4-43b3ff1d204e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a0d987c-8207-5e1b-8744-021f82b56e8a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c8031f0e-6850-5f4b-a382-e81ac60091ea", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1f99d4c-95c9-5cee-b8f2-d6d188047671", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b226c1ed-9570-5743-8076-f328780089d9", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e653fc93-0dfd-5ed6-a9e7-43b936d9a490", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:000ef458-da23-5953-8064-ea81f186132c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc98443c-0c12-5d03-8fd6-42f320190d75", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1589a8a-3ed2-5af1-b622-0b67b2198f7a", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce2d5ffd-bfd0-5771-b409-5f6f298c6751", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13d9fa13-e8e0-5c46-84d6-d9717b796aaa", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e5b72f6-e4cd-58e5-aab5-7c330ce354b4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca624bff-340c-59ee-9d32-a443e68099a0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38386fbb-f1f8-589c-ac75-24dd912bb47e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:27f63f24-9243-5320-9205-81ec22475855", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b46ff6fd-8d0d-5561-80a4-46ec792148bd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28a3ce1f-0290-5638-9140-659c5e371900", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:576a7f91-d2aa-5c13-b601-799b6bd0ed04", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:045f71a6-04ac-5bdf-8daf-f11543242d83", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a6dffea-1cb5-51a9-ad12-cda5c114427e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5b73393-64d5-5961-b3b1-4f5e2e3dd8df", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ba070b9-e334-5cf7-85d0-0fd5ddb39c4a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:826c16a6-b05f-53cf-882d-237f8233b635", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:567252df-ab89-5848-b853-e71c0cb24877", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0ae407d-53f7-56c8-b9f2-d5783fe05171", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e52462d-fb8e-53bd-a4f7-ca3ee1f97939", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.4" } ] }