{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:31f66411-3a89-587b-b893-d0eb510e5ad8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5d4ee63d-7643-5bd2-a255-c35ac83f207c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:600876c3-331c-530d-9935-795ffa089fa9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1751da40-4e1e-52b0-9ad0-3e468f005177", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e589860d-5724-5f52-b0e9-4719f1731969", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:818e429a-01e7-5d57-83fb-9b705175f8d0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:336e6635-7dc9-5543-a524-cc0e61b7b4e6", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45739b2d-954d-523f-8c18-65e438b23a55", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7b7f35e-47a1-5496-b3f3-9699c964722c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90100bb7-1a82-570f-8415-af27487b3e07", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0aa4f74-9f97-5dd5-918e-7de5fee9177f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97f9e188-1b0e-5e2a-93f3-80e0b1afdec9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf05df91-558c-534b-bcd8-8d415daee301", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:924faaff-cc52-55d3-b019-820205a40ac8", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7cbf3425-568a-51b6-991d-86ffa6ebf3f8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1960bf58-fd6d-5e6e-97ac-8b16d6420561", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0dd22e17-ffb9-5fb1-a9a2-2616b49138c4", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd432cd7-5ba2-5e79-b625-86ebf6d603d0", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a04923b-d9ca-5d83-91d9-c6796743e0ba", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf89209d-3c0f-5435-bbc5-ba2b6843e159", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39e07ce0-4bb9-532e-96f1-eb4a5323f6c1", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bd4b375-6ac1-593d-9907-efaaf847c1fc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd2c770d-a568-5328-8e95-bc523d75a188", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6a849dd-14d7-5527-97f8-e351ef81d359", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a3a4ba5-44fa-5c6a-8d4f-52249a78d1cf", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e47504fc-2099-5b28-8c07-65e8b5688726", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b38e3a6c-6d0b-5847-a964-c0d2f90c33e1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c41d377d-50ab-54a2-90ce-19b07f9fc802", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc7e84c8-72ac-5ea0-a597-a18f704cbcb0", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:da13bc4f-6271-5fd6-b103-348019c41597", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c14a1f31-3cc8-5c7d-be41-6b162c70f034", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ed6950d-80ed-5254-a393-52e984cee0a7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d6f85a8-4072-54e9-bc78-8184e392af65", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d9ddd96-9da4-5c69-b68e-0301be94dc21", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d78f0ee7-231c-5b60-bb43-28427feb0b13", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25435721-3a90-5517-a4df-ee8179ae94c7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7877adf-78ba-53b6-add8-27250fc90b50", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9b5a7da-03f4-5421-8070-48cfb399dce3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.4" } ] }