{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8a1d3239-d207-56ee-8e34-9552e1febfb2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2ceb6e13-b7ba-5b15-be76-44cc2a865c6d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9542aba-abe7-5fd5-b276-d30b957660fc", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59444444-bf7d-5b78-bf15-991487cca249", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e75dae2e-4767-566d-82d1-3d03ab1f6a25", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9feaf71-ca88-51b7-81f0-b5348b03dbcb", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6251c071-3b67-5225-b54a-3b26802cc7fe", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0abbfe03-d69f-5ca6-8d0d-715537aa8724", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28ec3325-8f85-5a84-bcb7-0f62183b21d2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9938d91c-3742-5435-a03f-d6bc8e8f701d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:195f4185-7a67-50a3-ba61-fa85f7309b52", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ade05461-2aef-5369-8fb4-08c370c76cbe", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b522b55-d9fc-5dd8-bad2-03f906abef94", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67c11d08-4232-537b-ac57-5b169516fbc4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0375a6a8-7d58-5217-8776-44ec90e780be", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:873dc937-c837-52e9-aa54-e67ce25528ab", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c3bec1cc-aa47-5a00-b110-62d4b2a73da2", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5d5299b-015d-53c8-b216-c935ef7f37b9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:931ab553-6976-57eb-9dc3-7d97a6f8568d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:046ffef4-6052-5848-b7e2-ffda228f39fe", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b59e7590-29d2-542e-854b-9fc819b0c828", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:552cb297-0964-5fa2-887e-00952c926255", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d998f7b-8e65-58dd-9765-67af9f777770", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26893139-3418-5719-a351-a7dfc0e24ff8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:41aa33d7-995e-53a6-bf00-f68363a1b361", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b9ef67a-24c6-52c8-8cfb-a18cdb1f72b9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2309406b-ef67-5d66-946f-3b5589c33395", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4fa8a879-b545-5de0-b174-d3771fa1685d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39b33fa2-8003-5a45-94c2-8e6c1d92ba03", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:764087c8-acaf-5e86-ba38-c37efa809847", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d7f603d-4294-540a-a2b2-bfc6b0b5718f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aabec403-3721-5c03-8926-87474630147e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1fd65d5c-82c8-5f04-966e-089277c1893e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d37616a1-b87f-5dbc-8bb7-3ce71e8b430f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf4e8cd8-8684-556c-ac7a-bbc7cd1da8ef", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2777b4c7-d66b-5463-a991-8e4010aa2089", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:60a0be62-07c7-59d8-908d-4f0c31f72256", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee2f79d7-eb09-522c-bec1-980f8bed06e1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.4" } ] }