{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cba154b7-0e7a-55f7-9f89-d218de9f84f6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f50a82cb-1713-52ca-93d9-fd32a5f4c8b2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37704530-bb05-5f46-9f3c-b81754c731ba", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5373bd22-a61e-59c0-a632-cfe0bc7f7cef", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c729714-d73b-5382-a5cf-761190384c99", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0bcbb19c-d12e-5994-a49a-7bf67b9ef890", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd59d5e2-df89-5381-9cb3-cb85fa6ad7af", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4b9ba70-5c4c-53eb-9aa1-f835fb5c9c60", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b14ebddf-13e9-5922-9b7f-dfe398a47f5f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88e9861f-ef83-5cea-999d-37b0bd7bc386", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94859f52-ab86-5718-b6e9-f28109d0c5fe", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52d0bd1c-2726-500c-b934-2e08c7be6e9e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52470eda-d42e-5e5b-a4af-3a5cb7fea615", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:446c2ea3-ab78-598d-a110-927385fd196f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c22788b8-90a9-55d6-aee9-873e442bbdbe", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a33765f8-d280-54e4-9395-4a069a122802", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8adb3ef0-c82e-582b-ba7b-7e12707c4a6b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4594927-614c-5fda-939d-b13ec4c4c986", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a1005df-6220-52ea-b92d-cbc9ff52be7b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dad5b975-741d-5e85-98a9-67758a6c10cc", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d38d268e-b310-544c-b7c8-53bc332f5662", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91bd8bc8-b2a4-52e4-9d69-20f1645f2896", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfb37ad7-9751-5447-97c1-9fe4894c402f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36957647-772d-5a1e-8d64-f40da61dcc26", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7555cfb9-e487-5499-b62e-bcd4c606b66c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4156933-7e2b-50d2-b7e6-e01d1cccb401", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9d884f1-7d41-5dd2-8710-5774360adb66", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0f4976d-0c2f-5248-a04e-41a74fc1b389", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d431eb77-a0ec-519c-8937-5a5678a3eaab", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:780d0113-c2fb-5348-8a78-830810888d48", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ddd49c5-54e3-5ec6-8849-b316954f9a1f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb3243c1-e62c-5a0a-9490-bcde23242867", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6afe54d5-1c22-5fde-83d7-7f3a19173f34", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2979081a-da69-51a9-ba9e-da75c81c743e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea54d9e4-8558-5600-9cbf-ca34e670e131", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f190d6d7-fe35-5ebc-8381-f849f852de57", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9059ab32-6445-5646-8d3c-8d57ad621e06", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7387cd7e-e805-5695-8271-a095f479ef1b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31-tuxcare.2" } ] }