{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d799673f-711a-5716-9edc-93edcac960c8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.39-tuxcare.10", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f56ae987-e0d7-5730-a4ab-61ecf9d9dc5c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b70a44fd-274f-5e2d-a901-c73efb74f76b", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-context-support. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:7f7e0517-4c78-5147-98d4-f408a404904c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:216e0789-edc6-5d92-972a-3270dd44ddf0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:a52193d0-8d86-54b8-805a-504d82d28a92", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6273a7f9-7f5e-5b8e-8dd3-41db5bfc709f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f0a49fe8-2ef3-5e07-a74c-5dc4dea93521", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:98d4dbcf-97ba-5a0a-89fa-d94673bf66f9", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.39-tuxcare.10." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:68c498d2-d637-5f42-952b-8ff6024ba641", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:a8fdbbeb-ca10-5702-98fa-859684378b37", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:580878af-a940-543a-8555-e458d52d58ff", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6404a758-d6a7-513d-90e0-8600da31e1bf", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:fbded04c-6d47-5942-a587-e844a6702da7", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d52f229a-f607-5cfd-bd5c-384f9f488a22", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:40df434f-79ac-5572-b8e4-1fda0c380595", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b1817bfe-736e-5e9f-a477-09531f14d63e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3ff64e02-b81d-55ae-8f31-3cd191e2051c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:a5302353-f66a-5707-a6b9-4afd721c0f85", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:062b24d4-c8ee-5c77-8e55-cee18836b21e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-context-support. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6c9310a7-310d-585f-9154-71fb12322453", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:8fc234b5-f8f3-58b4-822a-3305c7d7de9c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:58235051-b7a4-5952-965e-628a536fa852", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:a6b7c77f-d7c8-5b3a-a3ce-eef2293dd896", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1f003c51-035b-5ded-ac67-97bac4420f6c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b6a0337d-6931-526f-b51f-297958a334b3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:7446e0a1-1ff4-53f1-b215-ca5ac44f29f1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:0bb2f862-9f74-5973-8ad4-fd7d16843aeb", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:4df6d57d-de90-527a-8183-f7ac1173b700", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:bc0b3267-3b4d-5ae4-95a3-29ee835af042", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:934907b7-7707-540e-b559-30d31bbdfcda", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:82e19ea5-c4ef-5678-a08b-bd22096bc26b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:7c59b0da-053d-540f-8c3d-ac1e1c6525f2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:05354ff8-0720-56c7-ad57-89c6b6a66187", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.10" } ] }