{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6f8c9ec2-7acb-55a0-9783-f55f046d016d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a403edc-d58f-53bf-80e6-261af6e416f8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94f40c57-cfb2-544f-90a6-9c17210598d6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8bf02006-2954-500b-afb6-9664fc279321", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:782f5f18-e715-5918-9cde-87b45f19e38c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a94d860-f2aa-593e-9f87-9f870cb6059e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6186d98b-9d5d-5a94-a7f3-3ba7729defc5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f732e6f-da77-5617-89ce-953844e429ca", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9fbe592b-2563-563f-bbf1-d4b4792ab03b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18819314-8139-59de-97e3-e5d658fc38f3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37a6a022-5e06-55bd-a064-ed403841c2dc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38e981e7-7632-58f4-a493-fdc1048f94fa", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65589adb-37b6-5644-8377-3654f20cb4af", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d20f6a2-b388-5379-b47d-fc9289be8497", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:637f3303-87b6-50b8-ad4f-22656967bc3b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e8b4ca0-29fa-539d-849d-ded9b6eb86e1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63763b7c-a432-57a3-9712-a9274f4481fa", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d8d2e65-8385-57df-8be2-7f9008b4608d", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4903d9a-a109-54db-831d-5a34f7b95660", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90c48fbb-4cdd-54b9-9bc4-14d2170e692e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d64274f-0d28-5dc8-90d4-b2f51b5a46e3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a48c89d-b2fb-55d9-bf45-8ea290971056", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89ef17b9-f1b2-5439-ab0d-0f094a28e50c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63ad5480-91d2-549a-9b80-e05190f140c3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e95f2a2-8a85-543c-bfcf-beca2ed8e884", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9216ec36-fbbd-57ed-a3e8-38da15695cce", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d9f802a-44e3-5408-b0cb-1f6dba519e08", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:395d4093-a99f-5045-b201-575e28802b7e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e0a9195-f8a0-5ff3-8cff-ca98469e1d53", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da4785ab-ab07-5ff2-9c4f-ef4811650548", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:853eafca-fea7-54e7-8b9a-8528293746a5", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dc1d346-6201-559c-bb65-18a8257b3cfa", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28789d4c-ada4-5fc0-b972-3e41c48bfb6d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcb183d3-f9c9-586e-ae6c-e6eb6659b3d8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4bdf218b-0f35-597a-b40a-b9ea6d677040", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a09793c-f736-50f2-ba32-134894746392", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6523261-9e7d-5898-a873-c1a4929d6655", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3888595-92f5-5c01-b3c8-fd18963c960b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31-tuxcare.2" } ] }