{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8c72ed3d-5196-5203-a0c4-6a8305337f5b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6878f7e0-6076-51d9-ae69-3e6636a06f72", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c405414f-05c1-538e-8555-81ba9e3da082", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67e1942b-3aa9-5c23-9c1c-29e43e56a2c2", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9f00a38-c8ba-59f5-bfc7-bd7b69ecfd4e", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31a53df9-dd1d-5147-9d77-15ad9b08d350", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fa95a87-bc28-54f0-b9f6-24d16fa5c3f9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:450bd7f9-746f-5d7d-a37c-c4142013b0b0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44a2188c-45d8-5067-8681-03a69d6de58b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2dc8a3e1-ae98-5f7d-92e4-669efbbf620a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11ecac32-22f3-5348-a038-cabec9055d7f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41b275d5-45fd-5da6-9f34-bc1ff4939872", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc704b10-9652-54b6-bdf7-27cc1fb3d4cf", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf8f3075-dd94-5d9f-9b0b-fea063fe6b98", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6755bd97-c392-5e3a-b614-4cd302c5b289", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef8ed51f-1c06-5a22-9d33-dd3452ac07e7", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a242878-87b6-597b-bd43-ad9c7e54a321", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9b46171-1b3e-5c57-8f3e-0b160fda5e05", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41e33dfc-9540-5f2e-bc37-71aaba1b7867", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b9f2b6f-cca2-50df-bac1-710d01d3543e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8157755b-4742-5478-a57a-8cea26ae3586", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14250090-cf5b-5e2f-a259-8d31c847ba2c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:399b1c9d-863c-58b1-b010-8cb003081363", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:044d1618-ddb9-5e20-aac9-6933bc96c582", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:728f2a66-1a35-5c6a-b447-84a097d2fb62", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96db19fa-53fe-5e13-9f61-080e39a60db7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:248f2cbb-6797-553b-a58e-446e4a09260e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24722d67-050b-5ff1-ad41-d1b815f26fa8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5241faa-cf0c-558f-945a-050367aa1787", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:830cd733-d1ca-59b8-9e73-ec506a09a45b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:864e195f-c262-56bb-936a-c3946ddca0f0", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c36cd7ce-41ab-59c5-93e1-f07b6e8728cf", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dba010e7-7d2f-5654-b075-02f2734ed19f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0527de90-ed02-5cea-8a93-6731beb9ff71", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:139ff846-5c61-5244-800b-3ae83db99e45", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e421a30a-51a4-513f-a815-3dcf93bc38d9", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1224636b-136c-575a-b077-d383a372b139", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fae6036-808e-5b0b-ab09-196ece2bac4f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.3" } ] }