{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0b8cbb37-da9c-54fc-bb04-6345756a16e4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5a8c7306-aa35-50c5-b474-3710fc6136f0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aad67045-6cca-580d-8607-946090f1c9e6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:99111020-ec5e-54ec-90e0-c007a4973c8a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09fabedc-6c5a-5315-ba48-0119b5f35856", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d96c6ed-e508-5741-adef-f4fcad5efdc3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2af0d8bb-df9b-5564-92d6-5f362abb9194", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30ab08f5-2862-5786-8aef-f01c1f6a5ca0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a49730b-dd36-5658-a1ac-edf9019ed28b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9583100a-0945-581f-92c5-f3cf53ca4248", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9f34292-7554-5c93-ad02-9a04bebf4ce5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac315c27-ea6d-55ff-961f-4db0bb266149", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5494c8bc-7307-5d76-bc63-2047797d3795", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83be88cb-075f-5fe4-b4d6-753924d40ebf", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e124c5f-78ef-538a-ab20-b90865b08aa3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:875122b8-7fbd-59c3-9191-55eb90717071", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57936f43-04a9-5be1-bd2a-727341089c70", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f050c28-32b4-52d7-972e-4508a54f5a03", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a99e30a5-fc4a-5c52-b7ad-09394ce8af01", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e7917d6-5cf0-530e-a0e8-4b96d719f0d7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26d1ffa0-914d-5849-8ddb-852840670930", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0077acf8-71fd-5c02-9272-8d78cda09792", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d50267e1-6b50-5812-b307-938b884a9657", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e4d68eb-a7fd-5968-a904-dac6d9e1e099", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f96e5a4c-120e-5cd3-8378-8459fcc3c712", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b44dbadf-49c2-5d49-ba26-995071d7a95c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ba72823-31e9-5490-bce1-6449489ae33b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3b1ccb5-c4e9-54fc-8f1c-bbc1a380aabd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee4ac9ad-5d8e-5449-8dfb-35a9c97c0eae", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2ad2836-fbec-5188-be68-273640ba7ad3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abe825b5-b24e-50f1-9016-d858c33ad347", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:962eb8ae-ae66-58ad-a31d-2e2a92d5163d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e65449c8-825d-5cd9-9057-0d81ecec9952", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:369618ec-58b7-5cd7-ba04-766bf06739d3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3116be69-d442-52b5-b8dc-dadba9d97631", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:650217dc-001f-56e8-a781-81d475682f63", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:210176ea-b166-5e09-8afa-08d44a3a2c5b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eda7d0b8-4d71-549e-8456-663550fa44e3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.4" } ] }