{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:73cc09ed-996e-5c0d-8140-4b29c86f3d49", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.39-tuxcare.11", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:318d5f4c-4fbb-5e35-8eff-2426a808a6f4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:c4bb2273-a61c-57d2-8362-8d144cb2a47b", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-context-support. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:9e91bf14-8146-5163-bb67-80c2eaeeb031", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:8c2a483c-483d-517e-a2b6-04564cc5cc05", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:171af2d7-26b8-5e03-8e93-0b91b067cdfe", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:7bf9bfe1-8077-5d90-adf7-6ec25920a25e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:01724e79-c4c7-5075-b1f5-f5039acea2bc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:801c97c7-a1f0-5620-a314-4188e1d8b96c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.39-tuxcare.11." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:eb6ee427-9329-5ce0-b6ef-7b4f7ec5ca2c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:0277c877-c178-51c1-82b0-a2c9674e092d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:bf5f91bd-54ea-5ee8-9a3e-9dfc94f41d45", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:2920218b-5765-5d0b-9690-f6aa645f3945", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4ae57cf2-9a36-5ede-9598-0ad3864a3daa", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:a79e7401-0bf4-5539-9555-57c1faf5ba73", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:1b6b3515-44b8-5e42-911f-d6a16a24e748", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:0bdb73cd-1429-5832-875a-278f70451464", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e6dab771-8ebf-5dca-b52b-9ef49a563d0e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:dc396a0f-4415-538c-b680-dc230eb5a479", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:cf90bd1f-31c0-50be-8fc8-421570dfdfa1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-context-support. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:372ee2c9-af7f-5c9b-a57f-a2269524f0fb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4b0e7b55-93a4-545c-acc8-67078c1b718c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4819ffe6-b9ba-5f62-a9c5-2c1fc634500b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:abe61489-5f80-52a7-9edb-faf50370fefd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:aefab597-4350-5ba2-8e0e-b1d204f03035", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:b448dabc-050a-52e8-858a-f959743dc900", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:8bbd2334-508e-55af-84a5-54bc52ee151b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:2731a0d8-42a5-5e87-8553-3bf4fba78f5c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:ef31ad64-b01d-57f9-95cf-cdfcaa9da073", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:36f29013-4d35-5086-a21e-e0ea36779636", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:ce57c19d-3877-542d-a146-fb03d77ef33d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:c2563002-efa2-55d2-9678-b704857f5d18", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4125ee91-159b-5133-9134-d3c2b196ea21", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:134f0ff7-54a6-56b3-a390-011b129dd867", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.11 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39-tuxcare.11" } ] }