{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3489a066-8c96-5a63-ad8c-c192096e83fc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:40e7d8fd-d6ba-5d21-9e4a-e122b5bfb532", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40a8b732-d044-59c5-a5e6-adcb2dbeb704", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6271d8e9-f2e6-5f1d-a6d1-d15f4194755d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f7f349aa-af09-5331-be3c-76197978d1dc", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32ac649c-05b8-5394-9abe-da8274ed2602", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78be616d-3b78-50ab-9c82-8a02c31f97f9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7fc325c3-4949-5e25-a624-c9f1d151b410", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b0f0cf20-9e79-5ec8-a782-cd889eb0ece3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b289431a-f182-5e37-bc95-a524d86233bc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:186bd168-47da-5f04-8183-02a5dd717027", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cef11615-c3f4-53fa-83b3-4df85d678c39", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:087f54b5-17e7-5a56-99c1-9649792cb482", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:77b46582-aeeb-5d7b-bffb-4ca73d60a442", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e33d25f-0f0d-5948-9a96-8d7bf1230e89", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ffe1c986-02c4-5607-ba77-38a0144385e6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:985b3107-b4bc-52dc-995e-ddd288f4b9fc", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85f6dd05-0c7e-5c83-8ac1-df0879ad0ed1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b25d65f4-1cbb-590d-8800-8723ef3159aa", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31558d3c-f760-55a5-b413-a1ab8d327048", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd56c998-75f7-54dd-9f3b-8b3714672389", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1715e0a6-077f-5bcd-90d3-13c3ee9dcaab", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f0461643-4fbf-5088-9558-991932078dc6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0876c78-aa5e-5ea2-91d7-eed59395d99b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dcbbe206-43c9-5cf4-adff-ba6a0d367b4a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78756319-f52a-55d2-be7f-e55c6dc638fc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93b7f464-cbe1-5622-a51a-543c1044d831", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20d03ae5-f29c-5ecf-b189-b2409820e8fa", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:36ed1e87-daae-5d56-a71b-6a2d57612597", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a83f64c-6303-54db-9a58-e48adf57eb41", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67eb1a31-822f-5235-a348-a5f18470f5f1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02ee86e8-cc8d-5bb6-ab02-84215c05df0b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9e8d5ec-98fb-5f12-87af-772353b452f0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61736a30-2a49-5140-803f-0f316008d611", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6e0a1c6f-6242-553c-adb7-33db70b33bbc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:331f3d00-fb0b-5ac3-a468-9e3fd64ff8b8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6fe474b1-7562-5502-b018-f681f5ebb8b2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:652cdb59-7c8a-57bc-a124-afc020db7435", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.29-tuxcare.4" } ] }