{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:572f80ae-3abf-58d9-b01a-671e0cc81987", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c67904fe-53d8-5fe0-a70d-42c9e9782516", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ba7ebb0-05d5-542c-9912-ab65f14d772d", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6852e5c2-3cb9-54ef-9951-7ac06b6be1c4", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4931275a-e63b-57e1-9032-c43553e56490", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec645df7-d38c-588d-b7f4-704162168bd9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11b4a15c-5539-5ab5-afd8-cc18c36422c0", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3988871e-2418-5aef-ac3f-621ffd42275d", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed06e6a5-7475-59fc-8608-b61bee154923", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87f4be58-d10a-5be0-85f5-68ae628a28e7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac981221-0196-5974-a626-491660c74467", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de042cec-4d6a-5d12-a5a7-7d7e8b1ed35f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:132e1043-7359-5e42-bb0f-4724f978a69e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2762dbc-5032-5d07-b76e-681a687224a9", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ba11d29-16ae-5766-a5ea-19e84c5b3de5", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9de9702-6eb6-5a48-b4b7-a6370e8a0dfb", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7c94d0c-24eb-5864-a4b1-eb7b4d6de194", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a816e75b-14b9-5c66-b0d5-39e596677f89", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:acb229b6-b6bf-5f5f-9768-0d3759c8c4ee", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71e7fea8-7c8d-527b-91b8-1fd09ff2e52c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d0ec0af-5bdf-50fc-aca7-835d81af01b8", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89627738-e626-5450-8f4c-7dd6558433e3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0717f692-cdf6-523c-859d-8790f389d029", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c519c09-73df-5b49-be8a-c56dab746914", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a7345d1-b08a-5f17-8ef4-ab46614b2412", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ae73829-b304-5cc6-b7c6-092b01fa981e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b37a834e-7812-5a1d-ba92-6689f2bd1033", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35f7e0b3-276e-50d1-95dd-2c32d6c3df31", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f77f8ae2-52e2-5879-81f1-b99a04a1c4e2", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80a06004-a451-52a8-bce5-892f62d3e4ce", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98bf6760-792b-5040-bfd7-b940236ca7cb", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07554ccc-cd59-5f7a-876d-30e3619f7ab7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c6a6519-8c77-5734-92c0-16d7795e9e88", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3bd0fe0-8a38-5f9f-a381-de6bb30302a1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adc1092e-3771-59ee-a213-1996125ed655", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83e8a733-95fa-548b-ac03-198dc6a961bf", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c9abc44-be1d-5c8a-9e1d-60e2a730dfff", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5095bf54-c3df-58bf-bf08-95e49e0074ac", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.1" } ] }