{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:35d2d13b-fbe8-57c4-aa4d-93466d58d10d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f6e833aa-5be0-5ce3-a647-ebe8762d24fc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cb4e1a69-52f2-5378-b200-83c66a2fe979", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:26a838ce-a741-5636-be5f-398462e2a467", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:51fc1afe-f4e4-5965-b8f7-ea8dd3c8086c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a9e2400b-d4eb-5950-a9f6-f41f54700642", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:112e1fb4-c343-5afc-beec-4fa5b5a0f2d0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:696640aa-2ac1-50b7-ba9c-de81c536abd2", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5abbd9bb-d987-5219-9a4a-d31c3b0cbcfb", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:815ecff2-4c49-58a3-ae0b-e1815d0d440f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d0b9e8a6-8a71-547b-b9c6-3b4f11383db1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:275a2043-c848-53b8-aed8-acaa403d6d60", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d714185e-2283-5722-9052-95fb36ca1f51", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:56fb5f77-ace9-5381-882e-778c3f23b2a3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dc113bdd-cb32-5dba-b85f-ff996b8f940f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:88d68843-a74d-5953-afb3-0703ae813430", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a774c086-d5b8-56a0-b701-396272c2d0da", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5a2ef6fa-7dfa-5b91-a85d-abef4c227ca7", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b6edc004-e149-5e72-84fb-0334fe685c3f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b4d0b511-cc26-5f49-b882-a699b3251eb6", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5e316053-8dc7-54e4-8e76-8b31a845a490", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b265ae68-10de-5574-a3dd-25105626ab94", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f355e22e-f6c0-5d16-b3e6-11d9b96b5bf0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:575f3a99-0634-55ee-a5bc-03049f54e2aa", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1fdccfbf-2097-5008-957f-688667ccfbc1", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:71adf2dc-81b6-5f6e-a6b6-893c8de6aba2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:91f2f790-4ffb-5b09-b22b-1e8d6429d291", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:69ef91fa-e315-500b-95c4-bd28a922820c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f964846a-2ce6-592d-bc9c-deb32f252bb8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3a04ebb2-b2fd-5264-b1ee-b8b22614e22b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4c820e4c-0974-5359-bcca-cf9d764f9277", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d6d75f7b-128c-571f-a9e8-278b91aa1362", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e1b1bc7c-3379-5675-9bac-59709a21da2f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e8712bf6-f044-53fe-92d9-3d7d351514d4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.37-tuxcare.7" } ] }