{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:38179760-6002-5c6a-b044-7de061b6189f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fe517137-bf72-5173-b513-d1294473faed", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab84da61-7ec4-5f47-af1f-26ea8ef94444", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7bbef666-3996-58f3-a4a7-3a44bcf6b4bc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6064dafc-9972-54a3-bcab-98efcc5978e8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a518ee8b-2594-5fa5-8ef4-b6175134fd04", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13cfc857-bc89-5c8b-bad2-be514b073b72", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f51a6dd-00a4-53f0-bd70-f1317afbffd1", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c23b057e-44d5-5c43-8ae7-2738acb23e16", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67925e26-bd50-55de-a592-de4a8531aad0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ad74902-6b19-597d-bd37-f1f34015f2e5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33f7c3e6-2a6b-5de3-b5f6-1d05d8bed879", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bfe17933-a718-5556-b9af-fde6b8c91d10", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dbdfe072-81f6-51fa-97a6-9fdd932ec2e0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3e1da1b-4a34-5ce8-a968-e8989942d904", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d50dd6af-d13d-5ad1-bc1f-37d6d547abf1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:811d2ddd-287f-52e9-af45-fb7665a9645d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dbaaca9f-eb6b-5222-987e-331168e9c572", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd6899cb-e3cf-5045-aafb-8a3716dd8107", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3d711d8-81ee-594e-bcb9-c484d490a772", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02b05f46-dd4b-52f9-bd7c-034a47d69c44", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66e60138-0d3d-5637-9099-7d12cafbcaca", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6939786a-c77f-57da-bfb2-95b7c3449cd3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e267e84d-209a-5c2e-9915-128d4bd5d2ea", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:72293ef3-e2d5-5f3b-a34f-919e3d46d42b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1b0541f7-d7b0-5b7b-8a4b-db854e837c11", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74e212df-9b5a-585d-8fd8-38f1ab2b04d2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac75230d-bb0b-5e8f-a8b0-9bda02478ebf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3080b3f-d904-592f-96a2-a394958f67a0", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4050c01-0e42-5e48-be70-0bee92a3ae49", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2adf2525-a5f8-5b1b-93c2-299fa6c0dc93", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5924ae9d-af78-5854-8a5e-b184acf7cba8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:271c5eb9-f838-5526-a488-684786bfe557", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ac3b6bd-04d6-542b-bf5d-72e9247a98f3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c12cc04-7cf6-5bcc-a32c-6b7ae91c02de", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40aa328e-463c-587e-a9ee-68ffcd72bd22", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c473891-3dd1-5789-8bfd-791640ba965a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:536584a2-792c-5a17-b411-36215f71226a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.4" } ] }