{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ccdf6126-7c0b-52ca-a00f-c68919a46b7b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "5.3.39.tuxcare.5", "purl": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9d7653c6-3b52-5cc8-b598-d6490b5e8f89", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5666873a-0fba-5da3-a853-f9640673897d", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c4a18f44-ca0f-56c6-a8c0-8253b3ff5e79", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7c36ae43-9714-57a2-9532-a00fe28df32f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:408dd682-88dd-5128-a3b8-79b47b5a99d6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d01efa1-2a6b-5e70-93bc-cf5a8788611a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:802c754a-f95f-524d-b9a5-1666e35af75a", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:78010412-9226-5981-a091-b4bae6dbfe48", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-indexer 5.3.39.tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ab740376-c699-5b16-9512-87557aa6001f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4e4ad9df-8b7e-520b-8043-69b4bedc2692", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:af8a5f6c-b118-5811-b15d-19696d75d2ec", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7045f3d9-306a-55e4-9ba3-5eae23e256c8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a1655273-75bb-5e9e-9d21-b73487bab2c0", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4ea926d6-dc5d-535f-996d-bdbc1483d78f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c6e4afd-4a09-5c97-a7ed-08b8fe3895bd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f48f2593-2fcd-5adb-a45e-69c67a5d54d9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:306da9ba-5d79-5275-a5d2-defcf0b730c9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:79f1088f-c34a-5fda-8b21-edc11819e664", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b14ca8c5-4279-5609-95a4-5d5a7073ee85", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1388065a-9423-50ea-9059-f324666865c1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7694265-eb94-58ca-bcc0-c0d29de6bbc0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fede9055-be59-5497-b55b-5f0f5b92de88", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:08866efc-d410-5cba-9723-9598f40077f6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:abbcce35-cbc8-5aa2-9d1a-189238c0c2c9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5752d734-ce26-50f0-9f8e-b15b7eeb447c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6918a8b8-6c01-5dd7-a9aa-a35ba216ffef", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:53399545-e2b5-52e8-a25e-439dcc7bf47e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:97bb9e82-8d30-576b-9201-5f88cd7a31f2", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c17d503a-b846-5a29-a418-8ca30d33b335", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9056a76d-9f26-5518-b4d5-deb0e4ac2a1d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6c9930f0-d1a3-5fe0-885e-24ccccf5bcee", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ce520ba3-822b-5833-b083-4ef211124ba5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c96b032b-ef18-597a-b7cf-74d341537c22", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.5 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@5.3.39.tuxcare.5" } ] }