{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f73bd813-ad8f-5357-8fc8-f334f66a2b44", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d0820618-cf75-55c7-9bac-5604535235d4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:28d91660-05df-57ac-8a67-5216b9c7cb38", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8f508abe-3638-5e94-83a0-663deea9d61e", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f9138414-5d18-5460-b1b3-bbce10950b1f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1dabcd29-1b61-5790-a2b1-88f8b5286d13", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3f36fbf4-15d9-54bf-96ec-ade8dc8e8b16", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a569b1f7-1ac9-5b57-9a72-17dc81605ac9", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f6661fc2-99b3-59d2-99d5-43b93d9d566e", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:99924154-9cce-5d88-9599-ce8496e30422", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f171f692-1827-5bc1-958f-f1c7c19d7eb2", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f3dd4e13-bb7d-57e7-a0f6-24b9557f084b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:85bc433c-062d-5eab-9f2c-aa6a347c23b2", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0eb9d2e7-a400-5b68-a205-e329a6f96fca", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ee8a2f10-74ec-5e67-b619-4d6b61a5d610", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:67594f73-d730-5f0f-98cb-7f19e6382d1f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:099ed573-7e08-58d0-9be5-3670f3a4496d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b0f80533-89c9-5445-929d-9b8095f5e3e8", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:aa3a73db-2eec-51c4-95d3-b01606fc66e2", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:22425280-4143-5a30-b968-08a80139d7f4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fca89817-74cc-5c2b-8202-b9404ed0dcd2", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ad354433-6979-582c-b069-23f1316f981d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d03ab1e3-b51e-5daa-9acb-8abc068f1cdf", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:64887fdf-8fbf-504f-a5cc-532e16687190", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:31961d03-852f-5006-bb73-69a04d091dac", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f2d77598-41c5-537b-b6b4-c5a3fed5a7c3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f55062d5-c8b5-513d-a564-384628c7c5c5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:606e72c1-827a-568c-a803-9f89c5e75e3a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a2225e39-593a-5c94-8ff4-31c6cfd9b3d4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4abc2187-61c2-5e10-8e05-d3a901a40d98", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1268ecd0-3877-55e8-acb9-3384f0f8491f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6c63e440-0f71-59a9-aa42-438c99153bf4", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8f616acb-2835-5c76-92aa-4bcc9dd0d738", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:39705112-6e4e-57d1-973f-9536d9f89390", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9a281f4e-6252-5658-b518-926417ccf794", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:aaa258f3-718e-58a7-9ad1-ddd658b93936", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a9d2dfa7-46e1-5286-a7f2-8c55dcb1deb3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6d53a2bd-1f43-5554-885d-e0fa01bdee37", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.31.tuxcare" } ] }