{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:de751872-1583-5f02-9186-2abae04f505d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2a13ea51-f55a-548c-8967-0c08234642d7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95111349-d5ef-5d2b-8c8a-8bdb124827e6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac828d27-aba9-5f5a-b2b7-96ad9a88baf4", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db2096b0-c49e-5d6f-bb6c-44341da9f0d1", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:976b39a0-6e4e-5d9c-af6e-3cfd65c6c6e4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b23bcb53-0a03-5f90-b49e-ea31c8aed80a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:587121f5-7dd7-5dc5-ad2f-8de2ae530700", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e14cc9b9-c648-5883-b816-fa5388ce0130", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8f09093-598e-5122-8403-532db70bcb77", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ba68d58-273a-51f2-a0cb-71ac9a90ee4d", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e301cf8c-255b-5590-8161-d35d6a532b56", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6892080c-6493-5c66-b65b-9e84a9066de1", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f0d4b85-9f02-5418-8c83-15fef6634a77", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4265e443-2a73-5ffc-bdf6-4f29a66cc7bf", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc4330f0-7c63-5486-a5b7-133db620a0de", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c96d1e2-f662-5bb6-8367-bef204d8231b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2f1d7da-d89d-5183-8bb0-8a79db4d830a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a30b853d-c546-508e-9bc1-f2b2d853c5de", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d25de15-1969-5ba2-a289-a243f8912c0f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22a6aeec-0c75-5f79-9bdf-ca19d8461a99", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8baa93f-f96d-5a25-ac1e-20d574b1f08d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:865a04bb-6890-513f-8d48-c7ad861b4e4f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f8928f0-cd3e-5f57-99a5-dbcd328376c2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dc9f2f5-f51d-59f1-af77-8ce44b6c6adb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2d9c681-2a4a-5b4f-8f04-b6740dbfc134", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8ffd30b-bd18-5608-a8b5-61d0f0b5bea1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a84bab58-89fb-5b22-b065-bcab90f9bda5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:271b8d34-b6df-5220-8079-d1d08c752ac7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1035eb04-ed4e-5c82-856a-d874cbe5587f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cb0b4f1-53eb-5824-9927-2d76630db6f5", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39506a00-13ea-55e5-9ffa-4a16b502925d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70fa104d-a360-5f3c-84ad-09da2ab54079", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a98eaf8f-9a16-53a9-9fce-a5447266add9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3912403-a6d9-59ea-98fc-b62d38da7ea3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29be1a73-f4bc-5410-9044-3cae35000917", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d81ae3ed-c806-53c4-8718-3954cc13ecc4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64479602-080d-5ec9-b842-c4d8b49856a6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31-tuxcare.2" } ] }