{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:beb1a12b-242d-5b07-9002-2186881b14d0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:07e83b84-887b-5236-b3fd-699ddd433388", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:07cd8e1c-cb7a-517f-98de-a8951dc3d974", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c5f8d99e-bcff-5706-ba8a-4c45fd35fef3", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:62f88377-fbb1-5a72-bae4-c9027e69aa3d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f4db8d31-9647-5bf0-a236-0972fade1680", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:08c59074-5505-5c78-a04b-75989798de28", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7fc74bd1-b6b5-5b68-806e-677606f00171", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ba6ca4a-9163-5e05-86ab-33574da2b88c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4cf2f219-ffe0-5748-ae50-7f1de50fb39a", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fb3d4ee0-8e5a-53ce-8604-38def1a97962", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:50c944bc-bc54-5d46-8452-de5d7a575814", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0f753d89-3aa9-5b59-bff3-e1ff9563e6cd", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:21d89bcd-e4eb-5d8d-92cb-427ffbf0c9fe", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ed87d4e-c558-5773-a9ad-5e5f66eb5a95", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fe520bf3-a3c0-566e-9cd8-a62b86c08d5d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4a50b86e-f25c-5992-99ee-334c81fdd269", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:68d1564d-962b-5cb0-a86e-57162fa8074c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f19e6d3b-a134-590e-be7b-8087035e948c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6fd251a8-84d4-501e-b522-10232e984a31", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f5c183db-d8ce-5fda-b1ed-15ec46f5773e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:289c8106-44e4-5345-ba8f-21fccbcc5832", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:190fa3f8-f5ce-5a5f-8a67-465ab8d7a8ef", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:77cfa28f-5182-5376-8f17-70590b610d9a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a42d0b2b-b189-5b9c-a0fc-af7d1d4f39f3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d80aaf1-c4b6-5cf5-a577-cff8cdf39ebe", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8e981e15-f938-571d-8810-b983057a603c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1da47a5f-e969-5eb9-bb70-6dfd1a7829d3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0445cae6-4d1e-5dbf-822b-f92da9305f6e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a2a2f4d1-4266-537a-9bdf-dc39013aa70c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:958b9ef4-e219-5590-a8ed-ea967c378284", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:94b0e664-b16e-5a86-8086-bb9b02a2bb50", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ae04bde2-367a-5bb7-b3b6-4220dc9fd69a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fadff35e-3b54-55ef-8f9a-5a77918403cb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.5" } ] }