{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2709f7cf-6fb4-5739-b601-da071a6c0e03", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7eb97e95-bb1d-5de0-8219-063ee62a50e5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9ba527e-01eb-586a-8e1d-6d9671a39c1f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afd9f08c-4d0e-53de-8a4e-98904254e32f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40920552-561c-509d-918d-ed0412086da5", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47646578-56b7-5880-abc7-89fd24a04b20", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16fe2352-7f55-52e1-9616-fc0083085847", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:72fd9549-dc00-5b96-b100-9acea37d9558", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b1b5311-b05b-56d5-adc5-054fd4b9eda5", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b44604cf-879c-5239-808a-b6177fe44e33", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0766fb76-fb01-5458-b95b-65533d8c1559", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:48460335-977c-5b80-ba74-f33e337d1782", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f8940bca-f6b4-51c0-ba55-8107556aa7e3", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-instrument 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1e44602-a815-5a2d-af0a-116158faa312", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4ffcbcc-4033-5b39-8fd5-58d00adead40", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28b6fbe4-253f-5902-a4b6-85b2defe52da", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7683bacf-5173-5832-91e4-d72f67acc59e", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a65802e2-6eea-54f1-a88e-0934cd03c335", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1eebd505-9590-5d00-bea0-cb107136e1ab", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e2369a4-5661-5db9-a90d-6b6617310195", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9be7f2e-f655-5e39-b97e-b48dfb55b709", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50af9f26-34c6-50ea-835f-85a237e0bdde", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9cfde63c-ed80-5698-a1bf-a3b6ba10bc9e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74470491-862c-5a21-afe4-f0248d01920c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-instrument. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:75e1587d-7d64-5325-be0e-2b07aa4cfe0e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5683cf3f-115a-5426-9a42-2ea0fba8c0dd", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5fe3729b-48e0-5952-b905-ec1ffe7c96d8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b020dbd8-09de-55e5-bd20-09a45c409774", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31c94770-d3a4-5979-92fa-ad70b14ef1d0", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7625b587-ae8c-556f-9f87-50e96bce0a9f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3291420-e3b6-59d0-bf8d-e5a6b75654ea", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e475e4c-a804-548a-ba77-17f009df9a4f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b613bb3b-594f-5374-8910-80539015a481", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d2523de4-520e-539b-bd9d-def6b76fb315", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9cab69aa-ddc7-5469-8a6d-77fc63861d71", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d2f031c9-5f57-548e-b26c-cda0336597fc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e03150d-a9fb-5bbb-bd19-e4d22aeff50c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c73f6fe6-bdaf-58f0-b734-e43752a2e71e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.4" } ] }