{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5b0e5e24-e822-5d66-bee2-556cb4f8979d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1a91f6e5-f7b4-5593-892a-1c7e73b31903", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:348684fe-afce-54b2-a16d-9347b196636a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0900dc22-d250-5e38-8eda-1ff2c572cf2f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:914fb857-9b47-5277-ac3f-976b1e01e149", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad8aa716-d39a-5294-953b-607acd33d6ef", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dcf82819-653a-5175-b212-5cd68de85f65", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38ba2ce1-a50b-5368-a9c1-ce859efc18c6", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80915c43-0e65-5bff-81bf-a0582079d0a4", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4921dfd0-7cd2-5d99-90ed-b8be5af80129", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cdb2c7ef-bea0-5f3b-802b-4093c59dd2d5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b990fa6-66e7-5e80-9f68-cd1a90acb85c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60f3913f-0edc-5535-91f8-9781c9f34444", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3019fb6c-3010-5c3d-bbb0-c29717fd2430", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39194fa5-2bbd-5da5-8dbd-976c2250963b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e64eb42-cc3f-5d05-9fe7-c4da4f098e83", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61aa4797-57be-5362-9339-b37ddc2d3f23", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c74ae239-5199-575e-97d0-29ed221dc8f6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bfd5c4d0-b733-56fb-9c91-dba0cbebb5bb", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d273b36-51ce-5381-a19c-13c8881f4ab7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a49168a5-a473-59a6-8377-1a96ba803320", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85edebec-cca9-5b2f-9382-8939286ed6e3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f62021ab-52c9-5053-b034-37a2a75c4ac1", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27485f49-3ff0-5b1f-9ef8-56cfa10c1142", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:701f4b25-9ebf-5e08-ba52-0105ed926119", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2ddca9f-25d2-5a53-9465-ef053de5f464", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a749546-eebe-562e-9ba4-b11154ce6cc7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85313ef3-41e8-57cd-81dd-786a87e4ec80", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:490df206-adfe-5e0e-a55a-fdce537362ab", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4dbfb02-36b6-59d8-80c7-94be8dfac7de", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9dd8495f-216d-5b4b-ae45-13969d10e0c1", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2db5b83d-4931-5046-b732-4782bfcbd75c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d172c803-4cb8-521a-8c07-54f0d447f1c0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72a729b3-4b91-5b4c-b2f6-cec8e1468de7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03a46e6b-5590-5f36-80cf-4bbde783e384", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c68c261-e731-5dc2-ae4a-0897dcc38cab", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d8cb050-7a3c-522f-baff-2fd2c52a7e64", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5703572-f063-5ed5-8005-66ad86afb278", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.27.tuxcare.1" } ] }