{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a94fc61a-60ff-51e5-9e11-c83bb5817cf5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a4ffb22-6634-535c-be8d-e13550198d8e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76d7fd56-4cbc-5880-a4eb-79bfbe10c7ff", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:035c464e-ec07-5bf1-a610-873d70ff4122", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9068a3f2-e5fd-5353-b693-4a4fecf22990", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:238ad4d9-a2bd-5b39-ab42-234b84f439bd", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:34c72e6c-570f-538f-8d0c-916148b6b982", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:19647404-950a-5f78-8c6f-2861afd1e54d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d409d03-9574-57f4-bd8f-44fd5c267d88", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:698909ef-19d6-5538-934a-8f63d8b7d5ff", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a249f04e-cbda-53c8-ad85-309327ea9d4e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4c70080-b023-5236-ac97-8e20a17a7020", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de1d5cc5-e852-587b-914e-c60146adbe60", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e29308e-c728-58a2-88be-49ba8ef3a1ad", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d3feb13-95d6-5185-a11b-bafda5495058", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ae73af9-8a1b-5b88-8b6b-4d6d51b6af1e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e7fcccc9-e7c9-577f-9655-43c9fc200e4d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4bf8c1a4-bb2b-54fe-bae9-fda2a1ddd0a5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a58a5f62-1118-5c48-86a6-6a2fa88cf453", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3caf9b7-1f3a-5fb8-8dd4-a911b23108f7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d682c60-1e86-57c2-a5cb-772dc9aed4e2", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2aeb613c-4ea3-5691-ad30-7fad0b7223d8", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ead2bfd0-0f95-54d8-b00d-187e03294d30", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd60a204-e74f-5679-bc66-38ddb133eaad", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1d2b2a2-b143-5490-af77-31847f07a213", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:27e75797-a522-586f-a26d-2d049d009e06", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:319c898f-136b-5acf-a0f6-814d355faea8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab1eb3d7-2a86-56d3-8968-a1c2c25dcf58", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:459463d6-359c-5668-9d60-630266271097", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:763c6ce7-5b23-59c4-a002-ac70e149d516", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6cd182f-37cc-58a6-b2f7-8a45f151da34", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2604de27-99b8-50d8-a080-3e11cef9bdfe", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:154d7469-65d7-5e59-ae39-fbc473796a59", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2c22b3e-627c-5075-b554-2c913001e5c0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aa58c8bd-382b-52dc-b3a2-5ef6189430c5", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae45b590-2535-5758-a1f5-43a5730d1c63", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:194d2b35-6465-58e6-b82e-07989d0ddf13", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:234924ca-00a3-57ec-bc64-00d415507f73", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.4" } ] }