{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2d6d17cd-eae4-5ccc-92af-426f753d430e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "5.3.39.tuxcare.6", "purl": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bed79e3f-5a3f-5850-972a-be3dee92dda8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8ed3b591-a335-5f04-8d21-1fd023d8596f", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-context-support. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0f5fc9dd-9cec-5ac3-af30-5446e49ee538", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b22191cd-fdcf-595e-9b32-5646ce08fd9a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:57eaf66f-6abf-5711-b332-7128836dce94", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a4c665cc-832e-5dc3-99cd-027542cdb986", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e2827558-756a-5b3d-bb79-b4233ac0ccfb", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:82d32913-6579-51cc-b767-0c6253ada3ea", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context-support 5.3.39.tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fc12d3fc-e333-56c7-87e2-831e03540780", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7d16d282-485d-5c6f-a6e4-02bb33a1483a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9eca1a9a-f27b-5733-b76c-f0b49b83279e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:915c8ebc-75f2-5e0a-bb54-91e23120a8f0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d9f957fc-a197-58f5-8f97-089575eb86c5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a1295356-e7e8-5304-856c-9ae310a6e29c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:60af6042-190f-5871-b904-6c9d7f75ad1c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bae92a91-bcc0-5fd3-aa2a-bc7475da5aad", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2cc7b73a-09d5-5744-9844-33358af3678b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ef95f2d0-f151-5271-aec0-16cad32bac67", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:30c1edfb-e53b-59a3-958c-0af7889b568b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-context-support. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1c738e5f-3a9b-5d52-8398-144d5204a606", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:76bbaacf-ca2b-50f8-9a1d-131d7a22a20d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5bf5d7e1-0c8d-5dcb-aa46-da9c625451d8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cb9ddbef-5cb1-56da-9919-a13305bde0c1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2f0c8420-77d0-5cb6-98b2-bc6fe6487a69", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:23344ed5-f164-56d7-99ca-3c14a21f46bf", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1c75b4d6-ded3-5677-8dd0-9c852d5a142b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d8c0da23-8d4c-5979-8940-2cb237f02173", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:77be0d4e-67ca-567e-b463-d993341f796d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cecc57bd-7a63-5fcd-9bdf-0753acfa8475", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ca16a6c3-74d2-5967-bfe9-1be7f78f0aaf", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b167499f-72bf-5603-8eee-6f082afa7940", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2decde83-7191-57d1-963f-5db5d5641b62", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ae8e9918-fe75-5389-bb9b-9d183c2fd1a1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@5.3.39.tuxcare.6" } ] }