{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:90f9b7da-a9cc-55e8-ab93-3f63dba181c7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e3e46ca5-92a4-5867-ba2b-cfbb93055253", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6d7c3a7e-04a1-5cc8-b57c-70e38a9d4e94", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8ec1bb32-a653-541d-9edb-b208500d0384", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fe5f7536-424b-56c0-bb7b-7e8edb5f2a70", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2b29a360-4129-5ae5-961e-55d21626c353", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4e576340-1e69-5a72-a63e-270d7648f4e8", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:67659b0f-2412-54ae-b049-31a3cd8fbac2", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fd38f836-04c7-5956-821c-892cb3ef8e77", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:385643ce-09c0-5302-909c-15b1bfb2e915", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:dad48b4d-b5ce-5337-b237-dfbf8eca5938", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c383d977-ae8a-5803-b969-2c555de759f0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7aa70757-4599-587d-aee2-e3a216afa8c2", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4a2662fc-cb34-5820-a036-73d00036f097", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:25defafd-10bc-58f9-a854-92a45225a84f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:20c85534-cc41-5bd4-9e3c-d3294cf87920", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7ec0fcb2-36f6-515d-91ba-98005f5d4026", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e7002ade-6e3b-5446-a297-360eaac9eb96", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8ce45a1f-a668-57c4-8e7c-513a732a67cd", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1e1f968c-761b-5791-b6d3-f4059ce88ddf", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bbf0e016-3950-5741-8cdc-76a0e072f2a5", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f85b11b3-452b-502b-b28e-37b6c766239f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0f799901-cd21-5c46-84cb-e7e2433d9404", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e37710db-978a-5938-8dee-20c5cc006a8d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6be0fb75-b107-5f38-b47c-72ee1ba85b3b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:135e3efb-4e26-54a7-aa65-f1409dd22b3a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0615562f-4ccd-599f-9d70-72880a5ff0c9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b314d99b-859b-5fc7-a095-c12b41f5e44a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:51eea59e-96e8-5331-bf94-a55a4decc162", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3cad59b4-f6bf-5c9c-ba98-bb4fbd5a6e8b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:52a4ee1c-c402-5ec0-8f1b-b271e5dda1e6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3d0b96ac-ac54-58de-8dc6-7a5dca9efa32", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bb560ebf-1c4b-5f05-8ce7-c879e3a9d366", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:cf62b719-5186-591d-abbc-27fb27eb7ebf", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5c1baef1-6ae1-5aa3-87a2-9044296cd755", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9a9af4aa-e6f7-577b-9a2f-54c5381569c9", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6a273015-6981-5632-ae39-2fc6240bb130", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b81f8266-7830-5e22-b7c0-d7133164a561", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.31.tuxcare" } ] }