{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2849e531-aae5-550a-8f99-699e9eba94b2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:95b28713-984a-5500-89f4-db22c6164af9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:acd3d803-0fac-572b-b0e4-e868c94b3233", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:812136a2-bf50-51dc-ae9f-0f459086bef5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f710547-8463-5cf2-9722-f295934bf34a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6c78e423-7f80-5ff9-a479-b246097d33a9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8898436b-a298-55d8-a3e4-51fa55c243ad", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5bd1aed1-b41d-568e-935f-eb4fd5df3200", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5a00bd0e-fb47-5700-ad9e-d34d85f2599b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fb93bf6d-9b2c-55b0-a1c5-a29a93b5f3d1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f65fea3-1531-5d57-b250-7c0a96813781", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2fdb4505-a776-5572-a9ac-b70bbe0730bb", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b6dc5073-3e58-5181-b097-f4d3567d7fba", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ce55926d-2fdd-56d6-94db-5018595849d6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:004d8f40-e642-516f-a391-8b18f2e5f0aa", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d4ce1166-70bb-5f0c-ab10-7d32615ee056", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2c301a56-b9e2-5ca1-b216-edf020056e2c", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3c9b35dd-b920-55b4-b21c-715f513a4d2c", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:97cc71af-f1d5-574e-9662-1c53ac037133", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7336358c-8156-529a-b31d-6797a858a5f6", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:95298469-c126-5ab1-ab0c-dd2586e72c09", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a9c8d135-57a8-53c9-b9e5-1a5167179ebd", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:73285399-66c5-538d-9969-681d382ae256", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c03f99d0-fafa-5b8e-a83c-8f8743048a68", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:602d1a7f-7417-57ba-9d5d-447f751c7a7d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a9bd0a98-35ac-5d64-bb2d-a50e8256ed70", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25f667b7-29f2-51a5-8ef3-cfd18041001f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9666c820-3fd8-5d95-b636-cdd634836266", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e6862164-c008-529a-9a43-497a393cee15", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c3ef3d11-52a3-5f6d-bb25-005f48d9596e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:554f627d-ffa0-5c2d-8c0c-4af0b06c9445", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:706297b8-f4a6-5e9f-8720-e1f4f000f18d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b2905c3c-821d-58de-baf7-09ce8a4f0a3c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:253c6ba6-34a3-50d9-a052-f5056ec43dc5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a27efb5-b981-5174-bcf4-d385e4e75629", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c1aa9a4d-4f4d-50fd-8c2d-9e19f82a56b7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5dc3b714-72ae-5184-9189-a8f0a0e39a7b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3294e297-1f21-5a6a-96ab-420af96eb105", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.5" } ] }