{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2876d191-a080-5eaa-9ce0-30eac804ee76", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.39.tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3c866f08-5da1-59b7-9bec-0f07010ba4c4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3cdcc718-3627-5344-8577-b29b671c394d", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f83dc876-0fa5-59a7-b2ef-34b3c3e8ffe0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2494c731-f806-5b36-9c48-8ab6bce8a799", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2768ac69-b645-5336-8ed9-20db2ca9dc27", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70775156-2ed8-59bb-be97-f8ab2f2da3b0", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ad91569-d9bf-54e9-8e65-3cbab64047ea", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e1f765b-a515-5141-bad4-1bf67fd8e345", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.39.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a03b482c-3cf6-5dc1-a457-1a4d0192e0d1", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4bc1fde-5d22-5113-ae34-f5355f428fad", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2cafd9c0-3692-5b95-bab3-619de1aa6fcf", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5906224a-3b38-5edd-b3a3-281c381517b1", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84b007f4-748a-50ad-9713-79936e415a4c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e71a719-6493-5e1f-905f-b74a4d1a4bd1", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e2e3df7e-195c-5da3-8141-4cf1a4687d43", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a5cbeb4-9702-5938-9b48-4f30061f7017", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79ce8cc9-32e6-5a01-a6ef-57210ead355d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ebd447b3-f857-52e8-9601-5357de08bbb8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca217d07-4f1a-5617-bbab-85b6b2d3c300", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7fb9843f-665f-5c38-858a-cbe65bfadb53", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc702734-514e-5cf4-8479-70dcca22cdf3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f0ed512-2034-5fa3-b261-a4cbae7e92ea", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:797ea4f4-5f7b-54ca-8645-cd5bd475fc25", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bee5b82-4ab6-50f3-8165-54a9f0cc9ee6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10ffe83e-0061-5a7d-bd60-e462413b5d96", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf3cb4da-3096-56e3-a4e3-e0debb7bb05f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:017e1b23-78da-5d72-b753-730a8da27aa9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64c5fc6c-82ce-5ee5-a1e8-9bbb0a4dfed1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:212c13f8-79ac-503d-82e4-242a743f29a0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c47b7f3e-4d5e-5f94-b60c-6f16ffd8f067", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95893a91-3ffb-52da-8217-18d4c7215aeb", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a975a11-f796-58d1-9ad6-9b0ea295353c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4513ac73-9ad4-5d6a-a973-1ffe7e6bf68f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.3 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.3" } ] }