{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:75d036fe-e073-528b-9465-7ac7f05da8e9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:722b33eb-3407-5e03-8a5f-ae33c81720f1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f18973b-4b7f-5102-846a-27d114ad63eb", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:380d69ea-eb92-5d16-91f6-77870e7745b0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed9bcaed-4ec1-5eda-836b-ab83aae6e2c2", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3018f76e-6898-5d98-9771-1876753722dd", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbc59524-d9c6-52e7-80eb-e80aaf2be7d5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:961c30ae-e3ce-5221-a90a-d5a21ceaf647", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8eeb017d-c4b7-550f-a134-94d1461ddaf9", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99af3dbb-09f7-5bae-be66-9e8b3ba86a79", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a8724fb-cd35-551e-81ac-bce3d19cd798", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef6d47a3-d127-5230-aab7-231ea362f69c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fab1273-0163-5e9b-b578-ce36afaf87eb", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b61af27e-5d37-51cc-a13c-54d7495742cb", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b705ab95-30a4-56f7-acb0-1ce6c290b79e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e685b368-977c-58f3-adab-b7c3a175ea1d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be1c1319-dc83-5b52-895c-15fea52702b4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69aa3543-38b1-5497-97b7-f915755d84f1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4811e3b5-24e8-5126-8f33-a3c8c84ff5ae", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6d737a6-e775-5771-92c4-ffb31572311f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:474ffd9d-776a-5019-b4f3-69d1e5c66c04", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2880544-7f28-5c40-8aee-d47264e2225b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcdae4ba-5673-55fc-9633-f10dcea988f2", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bea09816-a46c-5b27-aee8-6dcc5450ecbd", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:009f20f8-c4be-5e57-bfe0-12905bb6e9d1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06b517c2-bed8-5a12-a2c2-3845d15aa8cf", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:886e9df4-578e-543a-b368-c49d841d9181", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e216eaf-b7d1-5230-8128-64b350bb5566", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e193fd65-2a48-5fcd-8257-c3366d234f1b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f972f952-b74d-599f-9c46-c26887b20986", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54636b71-6a62-58ca-8be4-cda5c5838fd3", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0220417-637e-540c-8223-d25081e38094", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a1d7417-c0fd-5264-a4ea-5fa83c7cdaa4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6eee5206-f4c4-551f-95c4-6fce129cbd1e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:475d4425-97c7-5555-a77f-1c51bf228a2c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd0143c1-935e-5102-8cac-18fffc30f452", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a62e03fe-7860-5166-a554-92482c31a86c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27d9f607-3fd5-5247-8f73-255c57338304", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.2" } ] }