{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3267b631-87d8-5a8f-a318-f2f8dbf641ca", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c4692bad-b5d6-54b2-860a-c4bae7206647", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9db75194-508a-5a5d-9a2c-90dbc97a3dc9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c471208f-8e5e-59f9-a465-44064b70b577", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8a469ea-f11a-5c8c-9495-515b8bd10c8a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6899388-2679-5e42-906a-5ea3939050c9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f89ee101-95c7-53ab-aaf8-fcb1e65c0360", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23e8afc7-0e35-57ef-8d3a-20006c3222f6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ce62b27-d424-5341-a362-117ce0b09d49", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a62c9b71-1617-58de-b64d-817357d88043", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85a00392-8717-550a-b50d-2c2f22848494", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88d9f182-0088-5f3d-801f-7148dae275df", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82278bd5-bfc5-521e-8a34-76e6c9d96c24", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efda5ddd-f7d0-5f9d-aa96-0985405943f2", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89df4e2c-bc4c-57a4-ab38-e1875e8255b8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3d1fc6f-4323-5710-8714-9945a99a9d76", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1cb268b5-7613-50a3-abe6-855add722c3c", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:664cd23e-1bbe-564a-bfb3-ce1253880f04", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4d0d742-2959-5884-a9a2-009601e4ebe1", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de76459a-5883-5b32-8dc5-27bf73f280ea", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da1ab465-63d3-54bd-b7e6-542632709e20", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ceecd95-bac6-5aed-b80e-9122fc09d469", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9cbdf4c4-7727-5803-8a7a-0dd1756d3cd6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f49f9959-9225-5128-b84a-676f93b68259", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d79e526-2fe3-555b-a6bd-8e6416b5a56e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfe84ae5-cc2c-56a3-bcaf-5fd935af30f0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d5923e9-0fdd-5859-983f-edf51e837ad4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a9bd971-61c9-5855-b281-efcb22192ced", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63cb6e38-2a4e-5e34-85c9-6b670fc42ae6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a85604b-a6e1-5783-9e50-9819a566ff74", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49df2360-837d-5d9e-a4bc-90edfafd6040", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0bb3e73-1afb-5e06-b1bb-2de3d1d729dc", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44d2e3c5-d80a-5757-974e-95aced74d847", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7366d8a-9e22-51c2-9376-3fa272ba74f0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce519352-0f33-585f-9de0-84b91f0ff828", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:357f54af-3c4f-59c9-9db7-e927da2975a1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2336595-476c-5bf9-ad4c-3bb98686f3ca", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81a0c488-e063-5ee0-860d-66424434347b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.3" } ] }