{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0dcc4958-4090-542c-8b81-9595a62eac09", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.27-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:983775c3-9d99-5740-94a0-8e8777965bc0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5c4f25f-6a16-5cce-b8bf-44a5167161d9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17faea49-1105-53c8-b7bc-b2064851437f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ecf19084-e369-5982-9a34-bfda1826370d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b7f93f0-8fb2-500e-ab4d-8290538d357f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f27e876-2e46-5505-9eb2-559f3092129b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5af8c902-8e44-5ed4-a189-9f9a49d11d37", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7bae8f0-55fa-53c2-b0b0-0a0f7c35b850", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28a38656-602f-512b-a2e2-a01087e0dbda", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54d69f5d-9b53-539e-abcd-923a4111ece1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05a92b97-fed4-5227-8757-5df5c4fe105a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67fd26e4-2ab1-55a5-b2fa-6db51c982e81", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.27-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:464b0091-f1a9-5e6a-93bb-f67d84869098", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e01858b5-93bf-5ac1-8326-922afab8887a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ee57fb9-f3fd-55cd-ac49-e6b1fe7381e7", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c7c4d28-c1f2-557e-b8f0-a67d4262be22", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78a14c6f-dccb-5ea2-a500-d6ab5c51b567", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8902c528-4c7c-53ff-b38e-7b1e94936238", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:460a5eab-7963-5e4f-a0f7-0e19b7ea0ffd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdcf5b28-39c4-582d-9cfc-f6b5b8b23fb4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f26b097-dae6-5dfc-9dd1-62c20bd5140c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37f1e43d-d6c1-567e-b94d-118a5c7067d3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5104f1cb-6bf0-5626-8f87-65e9ba2e8201", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e253fa9c-fb05-5ae9-ba8c-6d3314bcb045", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af1527f0-dbce-57f1-927c-5d62b56227bf", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:948be2ed-baee-5069-a537-ade44351c033", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fa4ae0c-6d8a-57a6-9759-2b9bb575d1b5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4bc2a35-da5c-5071-bbe5-efac835ff939", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:588cf624-e6b9-5fa7-a951-c7cfe88ae91a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0f7d075-6c5c-5ac3-adc1-dc97706a608b", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa02af76-6126-51e9-a065-3103b59565ff", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a563a907-7654-52b6-95e8-d42b97c76fb6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efdf0307-de17-5a66-a200-e6fa32dfe57c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca0fc879-6515-5be6-951e-c122cde9b9f8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40542a49-7ca9-558a-8655-41744c695145", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e999c50d-1827-561e-961f-35ed47c49ddb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca01329f-e7fb-516b-a658-87ac08b9bc55", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.2" } ] }