{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b1279fe3-9ba0-5b4e-85e5-970d2543e939", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.39-tuxcare.13", "purl": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f609e4b4-0b62-50ac-abc5-76095be1c980", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:544b6362-ffd4-507f-a207-62b0d3cfe41d", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.13 of org.springframework:spring-context. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:88de0a1b-9b71-59ec-80f2-0652d0eefc1f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:f6c797bc-d4a2-574c-925d-6211efd8867c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:54d6c1ab-0072-5c2c-b812-0da580228642", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:d264d4cf-2661-546e-bf62-cf6834da4ae5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:3d128e21-f6ec-55b9-823a-6d9e6596a397", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:9083f04e-e79b-5fa7-9b7d-8b69e5feff25", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.39-tuxcare.13." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:5b79fb14-ee18-5804-bb12-de79401ec81e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:3fa5821b-ae99-5340-8c11-3c8b0883e393", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:a15c0318-0d87-50c4-bccd-edfd50213e7a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:081e21f3-ffad-578a-8971-b585a3990c9b", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:c3315829-62a2-5bfc-8057-468c09e192f8", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:41c5f306-bfbe-5932-be83-fdfc7a930e85", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:53c2efe4-9b84-5c29-8d3f-641beb7f5528", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:f8f7a175-6838-5e9a-aea2-a888346376fd", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:99960d63-9a96-5fb9-8160-8a09fea47cec", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:0b4854a3-ca64-579c-81a4-b04e7b87725f", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:ec11cf88-0c8d-5232-a374-08d1ff099854", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.13 of org.springframework:spring-context. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:29ebba08-e8d2-563e-a0ca-7cf6ab27eed7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:8674d664-fb2e-5f6a-91ef-fb9038be23ce", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:649c9cd2-2bb5-5a63-9a65-77ade8777970", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:62b2fa91-97b1-5f38-afca-ccbf2096bdc6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:899e440d-dec4-570c-890c-8d632910f324", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:871aeb7e-1d6e-5627-a343-e78b7e2b1ae8", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:2d9ddbe4-79b8-5e5e-8692-a9e7f2b9e879", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:0f8e8d8c-1103-59c3-84ae-102857c3638d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:f905dc57-263c-573d-bc61-d0ccfac69b05", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:9a17f7e3-5e78-5a49-b35e-55a60a205256", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:05f80243-c105-5a8f-a027-54c6f939f49e", "id": "CVE-2026-41851", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41851 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:f0a45a85-e180-5eed-ba75-7eb1a044f57d", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:2c8fe9f7-1b38-57c4-b4d4-0b8b80f9e917", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }, { "bom-ref": "urn:uuid:33b5594a-befe-5593-9497-ca57bbc26ffe", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.13 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.13" } ] }