{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:165bc33f-49fc-5bcf-b644-957c857f1f5c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:053ba62e-6a46-51e3-ab13-e1e2dcf39f94", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71b18dd5-53a8-52d9-ac83-c7e19520b7dd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:64eecc6c-5994-580a-9dc2-42e5795e16e1", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ace03e5-ca05-5427-bf2e-415211943b2f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:086e6dc0-3ca3-5a73-b48b-472b1d7bf5e4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d68e86d8-0e39-510a-a2a9-78c008002109", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5b038bcd-0fba-54f7-bced-52826d645914", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e1129992-9319-57af-9355-e923705381fc", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:86add9d6-ec6b-51ff-a48c-a88c26349454", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:10787979-b178-564e-933d-f514443dfad5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f814bd5e-d4fd-5a69-8b10-816c17d20533", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b876eeb6-8710-5725-b1b6-9fef683e67ce", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a45eb096-d0bb-5932-a4b6-f518a0842a1f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4a04fb4b-0679-595b-a376-94f2d93ac3b8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:15df13df-bfcb-5c9c-a529-33dd643094e8", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:396f21cc-86ec-5c08-b24f-5e1959febe02", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2113a815-83e2-5994-a242-bd9623aad77b", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4bfa130f-2b1f-5d5e-a51a-ee75059016e3", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9173db0b-0065-52e0-bdfd-b69f36efc8e7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:040aecf4-d939-5010-a915-a5c2b564a7cb", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:784879f4-894f-52ca-9652-be2689e2d715", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9b6ea49a-e68d-5d06-b23e-2f5f4e705553", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:392d6179-db37-5428-b48e-be84f58322f2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d2ef77f-72e9-5b2f-86f2-a6a6a497e334", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f9a6bda2-705a-559d-bf8d-e0fb8eaa3644", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5c1ea76b-fb08-5e84-99e7-40ee9b836e84", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:43cb1687-848a-5ea6-9728-f1c7c67006a0", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a10499e-d102-524d-b220-dc42ae512968", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:aecf7fff-bdb6-579b-8f65-ec0a92df2f11", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b3ecb3ca-37ca-5e6a-b94f-0ad16db7e959", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eaaec250-c205-5834-be93-4e4422f36007", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f7300eb6-3e2a-547e-bd73-ab44290ff78d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e4a24013-7c4e-591a-b0c1-08750b0fac88", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6c66d8cc-da8d-5242-a7c9-d75edfb01faf", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a412dd21-90fa-51e8-8454-1332eaad58b6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:42c5bc58-c38b-59d2-adf0-a461c28c88a5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:76c26ee9-da2b-5d2d-8275-277f8bfa96a8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.5" } ] }