{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0879f6be-4398-5b23-b0ac-46eed0b31834", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b8eb5d60-562c-5950-b6fc-6077d3c819c7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b61bdde5-a4e0-5de3-b524-95aa5bdf4a1a", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:921c19ef-a8bc-560f-b95e-fb8cdbffeff4", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31ea96e5-4601-5883-9911-762b15a4793c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3b198b9-44d0-5d16-9f4f-0246a4e2112c", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ca2c4da-8ebc-56b4-8798-78546333db5c", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:455184c7-dd23-5a45-9073-c90eed3274a3", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de417711-ce9f-59a9-b9fd-eec313f02510", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbc7c84c-cf39-54d4-9833-5c87b3b8fcfe", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a3bca4a-c3dc-5e6f-a591-adc6ac8984d3", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5bd57868-773b-5a4b-9e00-234631a13de6", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:353ad060-5b0e-51e5-a77f-cdef9d83d89c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4eb76b8-5abb-5805-a78a-51518856609c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ac1953b-3b71-5789-8d7e-e352d7141d41", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6eaf43ff-987e-5c08-bf48-f35a373672a4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1909956b-7ef8-530b-8c93-3b6bdc78e247", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:212ffbb2-04c5-5932-a508-ca7299c577e2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e85b9f5f-a427-569c-b1de-68c855415560", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c6cd4ef-1a51-5b51-b784-ed9a7db2a369", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:237b81d5-c4c3-516e-a2ef-8fb06ad25481", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba980532-4c3b-59d8-aefc-00b1a35b783b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c992df5-c377-5af7-8dda-50d6c30c0db9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3516ab55-9375-53c4-b087-6fbdc9544a6c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e98b6c7-a8d7-5b7f-ab92-7f38ec95d34a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d62ae48f-ea34-58b7-8ef0-2022ab4e82e4", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e246f3b0-deb1-5803-8c41-afba3dbeb615", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5286dda7-8d3f-5175-84b2-15ab88666584", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6aeddbb6-d69e-5349-a3ba-8e62f7631ed7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3cd1946-2cd9-55d9-af69-f1562a485286", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:884e1099-2955-5a1f-ac27-64b1602417e5", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:411a6ebe-11b6-54a3-b152-923d9d5d8fe4", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eef2ea35-0fef-543d-a050-6cc2abfe9449", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a981b9ee-5adc-5ac2-8ed9-5cc686557692", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0319a6e-07d3-5642-9e5a-cf8778bb27b0", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d78c285f-9f73-5609-ba65-ecab44ab5d0e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ffe958d6-f5bb-5e09-afb7-852b22a2d0f0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4003ede5-5fdf-58fc-8e40-b19f34440b96", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.1" } ] }