{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c649d3a8-0feb-5d70-81d0-93efd105f60e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ca23c254-794c-54c6-82ac-ed8ab3a2bae3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d828cf16-5ff0-5f45-bf29-bd87e5faa6c0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d481d38d-6dba-5374-af30-12a21cc80fda", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:20583e5c-e5f3-502c-a919-8ea40881326d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c04d6725-5175-5fdd-9572-703f79eee490", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c91e1134-bc09-504f-9744-90341c9da7dc", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58a8c569-9c82-54ba-846c-d40b7d23c5ee", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:24ac7048-d1c1-5a5d-b189-56e69716b223", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ec30240-2ff5-5641-bb6f-004dad4711b6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5087d0ae-3d8b-5781-84f7-2d843706b464", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:24ee71c7-70e5-543f-9784-b9785be587b4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:50fa2c23-cdcf-56d2-9e7a-a8c2502d3a73", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c0d2dd90-0f6b-5c8f-be1f-354292d656c9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3b8aac71-f4a7-5c0a-ab27-334f107fb752", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8a220b20-2373-5d85-8178-c6a5358c58d8", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3521972a-1d5c-5e5f-abb0-29efc6fc997d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:76d6832a-3293-557c-8f4c-ee3acb23d834", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c7d09b19-7d33-599f-86b3-655f15f73a4f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2baa92f2-42dc-5f57-b621-ae727fffda99", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:749f41d7-74ca-55ff-bcfc-1519028ff385", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9270aea5-5d4b-5467-b257-12b79839a930", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:094bafea-f5a0-52fa-a698-3b3966776e9b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b43a5aac-9817-5ad4-a59d-2de903ecfad4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f8209ea5-2d3a-541c-ab94-71e9eed1f2b0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b1220fb-3413-55d2-9157-b1d446c386c2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58874889-e91e-57ee-b30c-a992cf961795", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bc17c993-af07-5620-933f-7464952280ac", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:62606705-5e33-585c-87ac-564a3f2deb37", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ff4f8097-f0f4-5323-aa95-b25848cf7e83", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:80d34acc-ec96-5dfa-a2b7-172bd398238d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ab160ea-03e8-5a33-89ed-7a485f46ddf0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d2b2a7b-14fc-58cf-90c2-787481bef1ee", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7e3d8248-f50e-5c3b-a867-ce37e90f95f2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:52afb93e-bc48-5894-8f15-e2820ed7f670", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:21f82c6a-c6c8-5eec-a369-5d28bd2174d1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:766617be-91b4-5252-9c0d-f722764d9389", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8ef0432a-9e97-5e5d-bab6-6d7d57a0632f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.5" } ] }