{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ee6f4773-a8bc-5249-b5bc-9dfd125cf9f4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10daf104-5942-5b47-9222-5046d2c73a38", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cc3c05f6-f8f5-5e43-b4a5-f60007f37b14", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dcb1bd2b-d195-55fe-bf35-3ba91b6a2327", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:57585265-5530-5cb8-9ee0-044acd1eae7b", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8846257f-df32-5e47-b5cb-d04da11c0fc8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cc6a61c7-2cf3-5e64-80fc-2899680f6e3a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:111f17b6-47c5-5303-aa65-43dd3df2bb8f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c428b5a7-48da-5711-bc6f-da369d5037aa", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:07004436-f510-5518-9ae8-099ad7cbaed5", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7b17e17-a627-500c-8045-6b88cbd645b6", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2db55b04-8752-511f-94b3-2a11d1292014", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b4c20e1-6ccc-5502-9cba-24834b55ee91", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:54016557-e6f3-5505-971b-7384a1b4fcfa", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ea66d927-62d3-5347-a277-c3e1cf20cf83", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:17b2a9fc-c96b-5982-93f0-eb0cc1746f76", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1c653106-b58b-5e52-ac17-6680441bf807", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8a870fb1-819e-550f-967d-f19e78d72146", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6a3ef0c5-f4f8-552c-8c8d-e97ed8d88fcc", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5714c682-6400-5d6e-96b3-57b7f1696448", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:014b8d16-6b52-51cb-8000-c91ab940edcb", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e47890dc-dfd6-520c-a58a-d3781d05202d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed782a1d-311c-56e4-99d1-f89128ffbf20", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f616f96c-e3a9-5fdb-914f-2f062f7b5e6b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1151aa5c-2dac-5088-ae7b-968841f6a65c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:210aadee-d332-527e-8750-59fb387188a2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:10227661-f84f-52a7-a8db-f37f6ab1a7ef", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:73f138d3-2878-5f62-9d1e-178590353fe8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7fcf5ff1-9f82-5c4a-a4f3-f0730899c1b9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ef44228e-2f79-5f12-931b-634ffff3c5ac", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3fb1fec4-fc3f-56cf-a3c4-4e10c270c62a", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b0ff101b-6423-5225-933f-2338af243cde", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f667e83c-c9bf-5e49-9385-22d2ca90a14c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b617cc35-735f-5fd2-a3f1-dcd33823a74c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4ba1f5a0-4af2-5ec9-bfd4-04f07617e778", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6b6a2fe6-332b-5cb1-815f-ebbc7309d17c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8049efa7-b200-5535-98d0-30718c2a1cfb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d747e21-efdf-572c-81f5-3ce002ff10c3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27-tuxcare.5" } ] }