{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b1971ac2-a2c3-5f84-a109-e7f8187f9984", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7672b72a-153a-5bbc-847c-f8791d7d6305", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59b6d49b-2618-545b-8951-b6ccde2df7a4", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ae3dc44-5a63-5cb2-a814-780d5ff99859", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a1251d6-55b2-5015-a090-00cd2996bf29", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69f267a9-37f7-56da-83da-e09e3e8b1335", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa845442-ec8e-59dd-a7f5-35aefaa11393", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67269b43-5cc0-51da-8a3a-97ffe33cbad5", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:378ba4d8-263d-537f-bfef-e3054e274d9b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca28bd88-2421-59f1-a086-541df21da8f8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95caf9fe-7ddb-5c41-87c9-7417fcc4d145", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dcaa923d-7334-5057-944f-00777db3614e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:895ee694-7cf0-5287-bc65-6eb7912d1e73", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d1b3ced-1d57-5334-a8cc-3cf7485644f5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5131635-04b1-5104-9a3b-5f5e16d3dc25", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c037597-f89f-5c31-a319-79d0e609149d", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c78d3c67-0128-5b70-a9ff-620e7150115e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c322d3d4-f50b-5336-a9e1-8e526309133d", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bde0b9a-5901-5649-b6f0-5e46f1e851ee", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f1be878-89ae-5b51-89c5-2f5282f4299f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8e48917-f7b8-518a-aa76-45fe4da02175", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f557c60-8104-5892-b885-71dc71ea25e4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b79da8a-e88b-539a-8c4f-b5aa08bce826", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4fe03b31-6108-555a-8cd5-6b15ba4272ec", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83c87020-0ead-564e-a634-a21c1eb5fd60", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f7d5229-5b8f-503b-846a-d5b48a038cf3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4660fbdc-40bc-5945-8ddd-6225309c9e2a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d04df62-0123-543a-81b3-3af7227733a3", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d65dc574-4f55-5859-b7ea-71d5b1f991c0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16f1bf00-df5f-57ab-a2d1-361ae23027ef", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c04d95f9-4b8b-582e-aca2-8cc52dc403c7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c4dee39-e2a3-5903-a2ee-5e3a9c4312a8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be81751b-aa41-55e0-aac9-a5821b9dc92f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b2c5ab7-d054-5213-b6c1-82a22e4d7076", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2afeace-6022-5ac8-be99-605c9a22a2b3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:148265f1-4e68-5bb6-a7b1-0014a8a74117", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3b285e6-ea06-53c9-9608-51e8151cc42f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2870c149-9b6c-5fd9-a343-06f03d6bafc1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.1" } ] }