{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ee7dc298-466c-508d-8173-ac65875919d6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e1b32f84-6e26-57f8-b650-9f58613b3d57", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e05eeb92-e5d7-5d4b-bf7b-7e2224110b4a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c5c5bea8-c253-560a-8efc-35dc6d82e6c5", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:639c098a-36d8-5732-b118-3e845dce3e8a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:64770abd-01f5-51d3-b5d5-caa4c5507afc", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:67bb0eae-0341-5983-96f9-b34a70e4ec90", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c3e62b7b-ce62-5a46-859b-489017fc8563", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:57afda6c-fc7a-5e98-8224-1555b226a5db", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:41058136-b494-5378-a417-bea85d0a634f", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ba002923-af9c-5646-b435-479f590f7159", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:732acdee-8d91-5979-961b-f48978b41235", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:88e65770-a477-5f47-9afa-cb5a6690ce4a", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:de2ab746-d87c-5b21-a4c9-b0cb9c310c5c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5ff40983-e90f-5004-bada-600d4f0e80d5", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b60c100a-7987-50ea-a8c1-ea5eb6677629", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6aea94c4-3f9f-5797-9f80-bb8c8606042d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:faded85e-d43e-5f60-ad7d-7790a0f85624", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ccc78121-e87a-5929-9269-dad89f4a2f32", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:806b0def-bb9a-56a6-9836-5fe4bda6d4b7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d2a9e3ac-b314-5838-85e5-82918c26dacb", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8c99aaae-f123-5ff4-a419-32f48f4e9c0b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9e2c2965-54e7-5f41-9b47-13da120809b0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:66dc79f2-a4cf-5fb5-a203-f55bdedcf3bb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d073d57a-6e56-5321-b041-64dd524b3dad", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:09ca3602-6052-5241-b376-591ecf4f9bb3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:dca53059-3845-5f3d-b6fb-1fd45f8f133b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:055b3794-4b80-5ae0-8c48-9e3c078f30fc", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:983386a3-f8f3-5e43-84e6-65f7f477f4f7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:203676f3-e0cc-5666-9144-16a23e2f0623", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4597f9b4-0c51-5f30-865b-921f682643fa", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1e1c8ad9-4de8-5661-8683-f65d2e5d8a3b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2ad44059-0c40-54c4-b838-87b95964c911", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:01567c00-a93a-5a6c-a6e1-f38a5733590f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9a58d145-ba9e-5235-bc2f-d7308b0bfae2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7fb22432-dcf4-5a7e-ac8a-9ecfa7761630", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1c567f5b-b8db-5ca9-bcd9-f2aeb32ef67f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e845f471-5b40-53ee-ba12-4837ec7664ce", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@5.3.31.tuxcare" } ] }