{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a3fa295f-f421-5edf-881d-1c5f6a93842f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b4018d30-7b92-5285-ac3c-67cc8d364f76", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a3de2e1-e932-5cb3-9691-46696448316b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f58d206a-84d1-561e-9cd7-6a5a67bffcf0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:756a7a9f-0ddd-5323-a60a-852039dee713", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c72fe377-efa0-5c35-95dd-f499405980e0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c85ec9f4-8d4e-50bc-bf5b-225307d121c7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:067d9558-3679-5db5-a966-729117f9b99e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44062828-c8ae-5b3c-9b8a-97168a5729eb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ddf9b01-7a08-5657-9461-9f9e95ba615f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28b54c29-34e4-554b-8c7f-e711061d231c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:79d9093f-3da8-5110-84bd-e58cf0be2383", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8caf9649-6bf7-5eea-af6c-f1e9e6db9091", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eefeb5a1-b831-5d0a-9512-6de4326ab912", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:745c6e4c-dd50-5472-af53-2342ac3f9711", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53866d64-8bd1-5c05-b19e-c0eaffab89dc", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e81badf-0363-5bed-80a3-2db9bdea364c", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c303fc7e-f58d-5d32-b02e-db44ab36d203", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e28d0d0d-c84c-5ac7-ae7d-5e89d1850b4a", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09de7a5f-01e9-5456-aa26-a216118755ee", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c47ea63-0670-512d-ad61-caeb4077b25b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:143d6f4a-78aa-5718-bdcc-f86af0f39f6e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b050a93f-e14b-5c89-8ab5-2b4e96ffe640", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0184eba6-e6f8-5611-bdaa-6b41d0b79ada", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32b54c04-eec3-563d-abdf-bf94f6b217b4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:930e09a1-9f3e-5cab-b594-4becc6aac0fd", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:24ebd57f-8dac-5955-88c4-ec8e72cc956f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:547426dc-c0a4-5240-80e2-31374bfaa5c4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:562cb02c-4754-5144-b9f8-0c2b57fbf56c", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32ba769c-e899-5fb4-be10-32454fe6456f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9096fdac-3a44-5d34-b011-a90ca58a1c23", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ca43cf4-29ca-5d25-a051-789dcd6db0e3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1a1062a-cba3-5d98-9f51-8fe0d8a60691", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15a5dd76-ea20-5c90-bb99-cd94ba7ccc58", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c9c8543-0962-50a9-b16d-6082f5b156d7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e7ec284b-1798-557f-b691-08a14f2a070b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dd17672e-c5b1-59ce-a99e-052b594e2d0b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c1a7c38d-5ad9-5006-a6a5-7587df9a8e69", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.4" } ] }