{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0e9e59e0-0cef-57e4-a685-551fd659b607", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.39.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0705bf00-d05d-548c-94ca-92584b13b0f9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc9195e5-bf4e-5ed5-981c-c5b0b330ca77", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-context-support. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:656946c0-c340-55f4-b376-2109f7725112", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:053fc9c0-c9a8-5549-806c-80bfeed806e5", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9541098d-af63-51d8-87ab-8ed59e78a313", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27fe4daa-ee6b-5733-9c42-92ca04d8072e", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14447f08-05bb-5862-8f21-c1bafd97df27", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c852e61-90a4-5c5c-b660-516dc575be11", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.39.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c8bd3c3-3988-59d2-bfa8-3cfecb4b92ad", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e3ae534-a78b-5329-a64f-237b37676380", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f5d24bd-06f5-5f60-98c5-94e07f1b036e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e26cddc7-ff4f-5715-b794-db0f365562b7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87826d05-daaf-5a8f-89fc-64a3965d7205", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57b73f51-10aa-5135-9f95-b9b8bd52db23", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93e9e55f-f4bd-580d-a901-28db068ecd17", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e332326-564c-5e68-9eb0-cc89cdab6f84", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c34e793-a54d-55de-b905-3facb9121955", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b033448-42f4-539b-9f01-80da9627d604", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bcac973-bd45-5805-b163-25e4db774c07", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-context-support. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:486282dc-e7e8-5656-9984-42a97679efa1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0121d740-57e8-5843-8647-8ba33b2ff9b8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:072c3c46-5604-59a1-b131-0c8dfeb4f56e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13d918a8-847b-55aa-b48e-3cb01ec742f7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7a44c7c-620a-52ef-ac26-222ed4a474dc", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc4b424b-1541-548e-b449-f7408e9393cd", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8184cae8-f15d-5376-a2ee-631ac4b3200c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3e51002-454f-541c-a06b-d46307b3a09f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5a76713-4bd8-5a46-82dc-898e248a4291", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c767c2f-6c0e-5ac4-a11a-1830fd252748", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:494df7d0-e4c6-58f9-9714-761b66f8a1db", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3ab548f-0add-534a-8a96-082479900e4a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:873aadb2-2d39-5714-a682-bccce9926472", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a2f7726-96f4-5cb6-8080-503f3c85f799", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.1" } ] }