{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3c66914d-8497-55d1-81a4-4421e8dc6803", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.39.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:46d1642c-5888-53d6-8d3a-1462b757cb7a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e7d5b44-c753-5343-89a8-ed8da78cdcc3", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b66934f9-b037-53a1-a490-19dae0942fff", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0bddc24-0157-57c2-b478-79f65295b4ea", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c60fd97-bf16-5d8f-9be0-c79fd8082ca9", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:173fe941-2a9c-5b2d-99a2-c89a1d488327", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a95fca3-e590-5067-b201-60c367557daa", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cedfa51-6da0-5700-a8a6-5311f644a1cc", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.39.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d962f774-a67a-5e2c-bcd0-6157f1065203", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c8b127b-a7ce-5ca4-96fc-5f17374c9d1b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:958bb3e5-1871-57e2-b284-c96dace1851f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21810fc0-a60a-5d79-b6b4-866a4ddf4a1c", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:707573a0-a75a-55ae-ad64-bb6c014938d6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84373cf9-5957-589f-8046-615b9fa00293", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:474c306e-d1f3-5335-b746-1da7f35fafb5", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:480f82b9-6a10-5604-9ab6-64c5d8c3ea7a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea909a6b-2bb9-5cc7-97fa-5ae4a0f708f2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7756e801-4980-5799-8333-5f1cbab66c69", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:005458f9-b739-5e58-8123-0a92e3602ede", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45b96429-516c-5b3f-8127-962b68dad593", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71ec80ef-7ce1-58b9-baac-c3a175a9bd33", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cdc90c0-b279-5bb2-8659-040b4ddb0116", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ae29872-5463-57c4-b905-6f8cf04d26f8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efadc211-02e2-5444-93a2-2eae75dd8916", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24cfc5e0-871b-58b4-ac88-e874bc486819", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f2cd78c-850e-5524-9eb6-6417f118334d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:190d1c1d-016f-54e9-bf44-4541c385c45a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63155d6b-703f-57f8-9da9-22a43535651d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10c17d63-9e19-5848-b13b-e034a72101e8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77678f8b-fd9c-5000-a92b-a57453e78771", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04c1c1d5-6268-5a89-9081-1b14c58fb572", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15051407-0c12-5df6-b820-4e9e3fbb012a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd5ac544-a5b9-574b-bd17-d33f4d361299", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.1" } ] }