{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:eab6b308-3eed-54ec-b34c-2fb63119da46", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d9d052e0-3878-59e4-8e33-997f6ad8da46", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:67781fa8-6744-5925-a7c5-433ded2a1c47", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b057b294-6895-5d2d-bf32-988f7bbcf0ca", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a86b4fa4-4e8c-5914-991a-6e27e8379f50", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bb74a01a-e881-5ae8-bc48-571a6ed2d5f0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f14b36c8-f3b3-5375-aa9d-73756ca6e62a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b1c4a3a-2319-524b-b480-17d0435a61dd", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b83085d3-3534-5a95-a85d-7c884c2a8f99", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4ad412be-65c5-5d7c-86be-11186d6e399f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bdcb5d2a-ca9a-5ade-a67b-2f763153458c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5deb2c34-e507-58c4-a3eb-4ae7acf82c3e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:31116972-de42-525a-910f-984faa09f3a6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3c766745-df23-5f01-a095-71a61c701856", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7781e9bf-1b1f-5e5f-8a10-56783874d965", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:021129c6-0da0-59d8-bf53-f7687cb72653", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cdb84b6b-2b69-57c0-9b12-8202f9c14c3c", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b414954-ac62-59f0-bfc5-fa3e4d293600", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:50e91bb4-05f1-5139-9bd6-0b9bf1610929", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d7857f63-84ad-542f-a78e-9fc6d7c58bf0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:39482b25-6e60-5704-94f6-88f36dc6bd0c", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:64f2b3c5-96a5-513d-a700-b618a389077a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3899d35d-8856-5f58-aa70-dd44e1c593b2", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:59b48f1e-6f35-5948-a7a9-103732efe795", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b4edae0f-39c8-5f12-962d-ad1ea2c75955", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:02ed0be3-68ac-526a-8798-72d67cb09cc3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:84f48340-3f2b-5b7b-8ab6-e43ef6dbc4eb", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fd63b2b3-0fb7-5177-9d3e-20f0cfe2aa86", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:72ac4dff-9a3d-521d-8e7d-43dda9e3fdbd", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a5e80f41-2e3a-5750-b687-6da850bf4387", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7f98a51-6d7b-5b7c-b7e0-a3e2d6d87ddc", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b52d6af4-2b98-5bbb-a350-3887299a6316", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b6862123-c180-5788-bdb0-368b0009385b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13701c25-7e51-5813-824e-b730969d35d3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2db564f6-fdfd-56e9-8a74-23ad36bcf333", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6fa2e464-737a-5035-b661-a12008aeef29", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b6a08bbf-1849-5bae-a384-526bdd73b5d8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ef6a144f-7c33-50f2-b445-820b8bc6b949", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.5" } ] }