{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4f31f217-34a5-5155-ad91-1b5e05b91b4a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.27-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:38f0cb8a-be12-5648-8468-7ebb3ec31d62", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5e0e678-fc0f-502b-801f-1b742eb8fc52", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e96f3f4-c6de-5abf-933e-bcd96d8dcac3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3735cff-c68f-5c18-b5b5-b4ee65554646", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d205f1b4-bea7-535b-aead-2f135135660f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:089e7bf0-29d2-5d08-92fe-72588f6e7bcc", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e94abe06-ade6-59b5-9185-5e169a314cf4", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60836f6e-7a1f-5482-ad0c-72344b99e5a2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:140a56b3-f8b8-50df-a9c1-fd126744984c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c49e2bb2-b84a-50a3-92e0-25dad1a3ccc0", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfd97c58-ae79-59c8-b49c-6db851bb783f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d6d3275-682c-5fbc-9952-67e70598bff4", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.27-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:332f90a5-7016-5c1e-9ba6-1f58e27ad854", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85c72c6b-a0be-5632-b67d-05aea73020a7", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ebb9f67-ec2c-5a54-8fc4-5ddcd56e86d6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0767c8e4-25d3-5770-9e51-54922b3638a5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c921862-ba60-54e3-ad5b-e2fe5255401b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6cb9357-0226-57cb-80e0-3619ac011e2a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:daddf4d2-4d75-5703-a18e-884ab84726d8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c116c8a7-ca46-53ab-ba7e-5230cad02999", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2656a67-63f8-5545-8fac-fcc57001e884", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01045eef-f0a2-5620-9b4f-a673314647f0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a905df15-d057-5ea8-b90b-761a0387c62f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:817a45f8-39eb-58bf-ba00-e5e3575dfdad", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65187c12-6577-51cb-a9d2-11de37a3afd0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc30e01a-bf4a-5d3f-ab94-df8dd85496bd", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1689208a-0f95-5811-a7e9-5c38b3c2f82d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4985891-7df9-5386-b1c5-f6dfb6e934f2", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6a50cb1-783f-5f39-b2a6-fa7ed9ccf996", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1dcf854-11b5-50ec-98f7-15d40196cf5f", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e237038-48da-5641-a455-8d4836f7d66d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:819fca29-9d27-5588-9954-69306c785b31", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f04618de-716f-5edb-84c5-86ffcfcb03da", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7df5b700-71ab-5056-9207-c703b37be34d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42a527e1-b940-5747-af41-d2960cf194c5", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4811c7a-dcf8-536b-ac98-3d25a32c0bd2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1506a326-77f0-58c3-82e4-1fde01171b24", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.2" } ] }