{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:18ae5e32-e06d-5a31-855f-52e9e574868a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:662bb197-aedc-5b56-a89b-53566b30d9fa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:523aabb4-5b88-54f8-928e-17e8d116960f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db72beb3-d94c-5181-a3ef-9d212425938a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a9f8f26-905f-5c1e-a3cb-0b6388ea0a41", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2596d16a-408a-50ca-9a52-8dced8dbbe69", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef26e043-e2c7-5104-9f64-0e34fdaac8a7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:419c0aae-97d1-5d58-8fa1-6a9ffc154472", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ac28ad1-3972-59d1-8d3f-677ef82ea528", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e03bd47a-d7db-57fa-9766-2af608321c02", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1b5d5b32-46b4-5a14-b7ed-57c9945433c5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66a2f51d-7bbf-5619-a6aa-e7d1b2abd927", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6667923-f719-53cc-86c2-b02af80a998e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5bf03ca-87c4-5807-8305-b049b2a49e27", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:963d2e62-83f8-555c-8fb3-a71937875c67", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:86bb8418-ad31-5692-a703-86067e8b22ad", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9511c496-9b2a-538b-85c5-39996aa9cc0c", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01f9d2b0-2f4c-5458-9f04-813dfab68988", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a77e938-c6a2-5ebc-8b1f-7bb1edb9a4cf", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5249299f-1a19-5b50-a7d5-4d564a9db45a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65398f94-c3de-526c-87f6-637068602b80", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a29593e-4086-5bb7-96ad-a06e35b97f19", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb0b5145-2d30-5077-b5d8-6555788bcfd8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f30db9c-507a-5fa0-89a0-9d317f647e2b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d85c8a6f-c037-5d15-81f0-bdd7f433c4cc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20d6ea1d-1cb1-5709-b4fa-2378dee6b3d5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5edc22d-7bb7-5967-89f1-8c8d98fe28b3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fbf05c51-27c0-55e3-9031-320d203433ef", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d579af96-ad5c-517a-9ee7-d057e2636dfe", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5888f1d4-2298-514e-9e39-88717dd25efe", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2ac5248-ab58-5fa2-98e8-66997a15b925", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8059fdde-fe8b-52bc-b80a-e3b0c210c1ca", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47cc79dc-6558-5072-8426-6f0156e3ea52", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4651b0f4-f2a5-5d8f-9f10-d8fcc2d4b724", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68d54653-eaa1-5fd3-a0ec-240b9e45770c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c6a1dec-d571-5544-be81-eea2e01f755d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3637dee7-6bbe-5079-91f3-0ea639bbe8f0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f33ff589-3711-5639-93bd-e322469f128f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.29-tuxcare.4" } ] }