{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ecd320a9-9c7b-5151-a27d-36f12bfcad50", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.39-tuxcare.12", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:67d7f600-a69c-5124-b0d1-d554dd8d39a2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:67a6625e-33fc-5f2d-b09f-014308522e4c", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:0e660ecb-f272-563b-8aa6-6e51a56cc5a3", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:9a73aac3-03a1-531d-bafe-bd935ef15a15", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:9b6b9274-0851-59a2-9872-b77304d4a29e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:bb0b0d19-ca58-5a6a-82a9-700f7d37ae7f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:d2e694e6-1516-5da1-830e-0fcad19e0aff", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:2fcd7da8-2917-51a3-a847-fb961179d67a", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.39-tuxcare.12." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:7e115530-e54c-52c6-bd53-d760a4fea881", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:97cf7669-76af-58e1-8cd5-e64b175a9a96", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:94700a08-95e4-5640-9ab9-a514e1bec339", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6588ec97-d587-507c-ae31-8d0b50a4652a", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6e3834eb-dfad-5efd-83a1-7bdcb6652fd3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:778a5a7f-e6c1-5e12-8a1a-3ca6fdf2d141", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:9afe8ac0-58f1-5f26-a6ed-c1d56a0e7e2f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:bc82c2c2-441e-5bc1-97fc-8ff603bbadb0", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:4f4a177b-e830-5c19-b4ba-60451691aa35", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:662c7273-0214-5074-ab0c-b481f5f059f2", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:4e8adb53-f5a4-5781-a604-e30f0d138bdc", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:37e186a1-7ab7-5b85-90a2-6a2d3466eaea", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6f0b2acf-bdc7-5a67-97e1-6a9df72079a2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6085fdf5-cbd2-5846-99b3-46388a6f3f13", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:a98e12ba-a873-5680-a40a-44f9f4246e0a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:ba7e42e1-91c7-53b2-bf89-0491c876db9a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:99a56a26-92ab-5ccf-9222-f3be2a40c7b4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:73c6b451-af4b-59a3-8c0d-75299de4dc99", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:9be280b1-143e-5205-8813-d58e2acf221c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:21633a07-5311-5cdc-b39f-72a22f2f93d2", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:8d6fa4f3-6241-5da5-b07a-47199751f2ab", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:72653438-7a4b-5be7-91f8-e2d3402243df", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:76cff600-1d28-5c10-8387-21965d3981b8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:da616d4e-4fa6-5cbc-89df-14ae698f0d7d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:1c86f929-6791-5627-b0c4-59ccc7b10889", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.12 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39-tuxcare.12" } ] }