{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b1b23d3c-4c1f-554d-b7b3-65409a22c420", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bf9a9552-904e-5ee1-ac46-96f2bd89ed7e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:18724a22-3cc1-55e8-bf5d-b7ca96bbdf27", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:69c3cae3-49ca-59a4-9d09-14133f5cc1d6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9179acfd-83b4-5855-bdfa-4bbffe26b111", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1ffe4ed5-6493-5f31-9646-6a46e29ec444", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:101fc871-fd71-59ca-95fa-c826a1e438f0", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da0681eb-9e36-520b-80e9-402759fe98b6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7fff1e0-3816-5433-bf23-345fa5ca7751", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bfe103d6-1efb-5fdf-8170-d6acf9b290b2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6148bdf2-302f-555e-a1be-9e6c9ada7d90", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e774c5ed-c944-5912-b891-dd9df0868b9f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fee0c787-f2e5-5364-89c3-67a0964295e7", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-instrument 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8d65f620-c306-5a52-8d40-141f2f95e8a0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:841f2b6a-2e14-5ce0-981e-7d7c4e098026", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:27747959-7e9f-5d1b-9814-5f3a9649df44", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d50a471a-74d2-50ba-8d9b-9d7909c91cda", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:22cee65a-7d5d-502f-b4b3-095c374cb58f", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d1862ab-3bb3-57c1-946a-d468150accc0", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:95a2c211-53dd-5bc5-bf1e-708c0fcab8e5", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8d8b2367-4773-57aa-9705-0ec235558f4d", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:26ec0aa7-1962-5057-bf41-ee03266bee65", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:167d7915-98b4-595c-9e64-fc5eee5d1944", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b3ca65f1-2c9a-59c8-94cb-74448c8a5009", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-instrument. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6e70b380-5553-5ec5-8785-2ce45197ea19", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:77e0179e-abf2-5961-bcba-a9f71ffb72bf", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6b9e6a7e-c7db-5b7c-a1f9-6e869b01513a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:feb3bcec-c7ce-5bcb-933c-fc399c08f5fe", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f70f4276-4398-5caf-8511-a78bf6b1e88e", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c12ae2dc-5cfb-5c91-81fe-2aa61774d35b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9e154708-7579-51f7-b200-bfdca2b0856f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f1ed13e4-3d18-5502-9c60-1e05d48eb424", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0f85ec87-d789-5245-97c1-1875c88c22c4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bd5554c3-ad33-551d-bf3e-39233023fa62", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cd7caf11-e352-59e4-a757-cb027a66210c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cdc2123b-d8ae-519a-9766-3ffb1ca7d4e6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:94edd38c-36c2-5a5e-9f29-62e630af882e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:751383fb-8743-5ba0-85b1-fc403fae7374", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.5" } ] }