{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:831cf6e0-7823-52ce-b15a-a152a80eda5c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:335551b7-4fa5-5079-abed-6fadad8ad6d4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cc5320c-cf49-5179-af1c-51da46a126e9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65ae30d8-9198-5792-b996-046d80c225c6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:216697c8-31dc-58b6-85e4-8c4d7a6be029", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e89c9f53-8fe3-5f9c-b14e-232693042a55", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36c4a570-a4b3-5e0b-bab8-4b6feba159f8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08645713-dae5-520e-8762-59c764f29751", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29d8d5dc-72d1-5403-b386-259e060d4b09", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d651010-479b-5f49-a3d6-a1f2a604d0dd", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1a5939b-099b-5e8f-867f-eddd93632318", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0373621-74ec-593b-983b-3e479efc123f", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db282d48-03ca-5282-8063-2797f7d5fde9", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8827c61-ed74-5507-b50d-ce35516ea584", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c754445-d42c-5462-b403-22f656e6a2e8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cdb5b2d-1deb-50c7-918f-5f8c1cddbc89", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee0db6c0-28e3-5f55-b419-3a7b4b495dc4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc4a707f-5139-52d5-8b30-bbc7a2846e48", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4db8b9c3-02fe-573a-9bbc-667a6324dd4f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72521271-e6ea-5ae5-a177-c2ae8d9aa77c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd8f52ce-9b2f-5579-9f67-0bff0fe308be", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f37ead0b-a483-5a74-83a9-9dd6ef7cd7f0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b3d69ef-d6f2-57e8-91c0-7e1d6432b9b7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23ab2822-e306-55fa-a5f6-0c54a439f523", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0eec6804-7f73-5a06-82ae-e934f25c7e41", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb6b8d93-3494-547c-b10f-b34eefc4d6a8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:672d9615-a92e-580b-a4a4-09e8a0c663e6", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a91bcd57-aaa6-5da9-b87d-d66898d62ff6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:235d67d2-5610-556d-847c-290827453b16", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a53d75b-e7e3-5afe-beaa-f7f0b0a3d596", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed5f8881-5c47-5732-b5f6-1ecf05f7ae90", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b5ab570-4890-58fc-adc9-cd3ac4182e27", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb10fb90-31d9-5a04-8144-48eebfaa6929", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b481ca63-329e-5d54-a85a-3624f7f95a3b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43a41dd3-3fad-5c16-8ce5-e8eee600528f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72f82ba9-66da-58f1-a9ce-62b5e1b48bba", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1959504-4d53-58cb-a6a3-692e78faeb76", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64fe8306-a779-5e76-9eb1-939679b67ab2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.1" } ] }