{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:12dd6cbe-a7bc-5f33-82df-acb6320b1985", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:75baec15-6960-5727-8ba8-f97d167229ab", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7bab8fec-a8db-567f-8a13-5b95a95a886f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1fbcd180-68a4-5055-a373-66294018aefd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86d17760-9dc4-5359-91a6-c753a7e920b2", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:412c52a4-4e94-5c84-a07d-7d9cb9a880d9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b28bc54b-f1de-55ca-bc20-2e89edd5eabc", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43fd0d56-6c7a-5a79-b697-87d65d439c9b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b57ac9b8-ea8a-57d2-bad5-66fc358e396d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1ece4a7-585a-5579-8ecb-9af2fd4a8a77", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d1244107-e7df-5cd5-b794-ba0cd890a78b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed8c23df-b7db-522d-a0e1-8acbe28d118f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cbda9775-9137-5f00-866e-7d7fb99bcca0", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fda78d0b-94e2-5d8a-ac2a-f516300411fc", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7815548-1900-5725-a2d8-788a806b8d60", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3458327-442d-5682-9b76-73feca5fb656", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffb70ee5-06cf-58c3-835a-4b6b6bbd8b62", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:399bf2af-8cdf-536f-aeee-fe81c9a49e11", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b434446-f696-5569-9c69-737b6104693c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:290a1078-28e5-57d4-9a18-49a637c36ebf", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6cca617-fd8b-54f6-9c8a-7c5a0029f74b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0182951a-680c-59ec-bf93-6b76b89c04ce", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30a796da-7806-5a78-9dfb-6842d47472af", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49282f41-5817-5592-a80e-90387ac86b2e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ed4a39f-a153-570b-8b97-e3797a42a1df", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:530530ab-c69e-5dbc-8184-6457700d13f1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d42a3936-ffef-56ef-bc9b-cec88973dff3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c4ebca4-801f-5dab-957e-7189038ad33b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0db41c8-a8ce-5b57-8850-42c9715dccd6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f52e4b8a-23e6-5511-89c7-a3b56a5319ba", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16b665c8-d501-56ff-80f9-675602e00709", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df86def8-3b1e-5f12-bc00-2230b5c5851c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f2d9c7f-2ffc-515e-a62b-35b967ebac52", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2c50033-6fc9-5eb2-a35b-48c0722f72e9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f90e9603-3ee2-5114-8f48-dba10433901f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bce38692-8ef7-5c7a-b128-19acbe84135f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca3dafdd-ddb4-5b87-8e69-bf328bbeaa29", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f677b00-c96e-5c9e-9bc0-d6bfafe82d33", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.27-tuxcare.3" } ] }