{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:406bb45d-21e4-5d3b-a18a-7a71ed511f4d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0de71f2e-0c6a-5c88-a600-b32b0b720480", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9d3c39aa-1391-5f9c-9d60-89f6730012ac", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:99358a24-5574-5095-90fb-c69a4beeff37", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:32d951f0-f68c-58a8-8410-51bc12316abf", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f30ad09-5472-5aa6-be2a-741b3d04e9e8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ccd50f6d-ec0d-5af7-a09e-dc97739555be", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5693db40-a230-500f-8fb6-f189f859934b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3376d592-1d82-594c-9707-c2fb9032abbe", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:57687079-fd8a-5f06-b4c0-c6604032c49e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a49cb29-91f1-525e-b5fc-b243084763e7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:371c2cf9-0c9c-5be8-a9cd-203cc549ea7e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0fe16608-b589-5ab4-8d5e-f13be6a296d6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b3a138f9-6f01-5345-89cb-2463b01bc805", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:577e29b8-769f-5530-8773-7d5086ac5897", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8a91381a-1531-5125-a088-83042547976c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:de85348a-39b1-5a3f-a172-d6a4aee9e6ce", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ea6ce7a1-912c-5ed6-88ee-e53ca292961d", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9393a821-16ce-5228-b7d1-6ff5c6334a49", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0a52e77a-2a77-5991-ae50-a44abc0c0489", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7fd7518b-51c5-50e1-aedb-eef52e196ca1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e227033d-1798-57fe-8611-9113181400a7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bea59634-abcd-5bb8-b33e-e2fca263a2bb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:30bf46e9-4286-534d-9809-c3f30e064193", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:55c250c6-89b0-50fa-948f-53ffe11ded28", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4541fac7-1745-5f79-a1b0-8caf2ab3f494", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1631f010-2f29-5f95-a66e-0044553f69a4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cfa15178-b51d-5bb0-ad2c-7eb8b626c6ed", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e752973f-6948-5b6a-bb04-e989a18acc20", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c65fac26-583b-5e37-8704-11bce254758a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4b5ca2fd-8e6f-51bb-b35e-6b1000f52f0c", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b8df3041-df99-5d25-8c12-018dc67823c4", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dba38612-04ad-5b5f-a8a5-ad04ba72b183", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a6b8f04-5a70-51dd-83f0-1b71f529abf5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2b945eb3-2941-57a4-bddd-4bada15fe3e3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:224b2826-5688-53a4-8dc1-e9f481848ee3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:073935bc-5e6e-593e-a945-29cc63750487", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:af18c042-ae90-5168-860f-1509fe079da3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27-tuxcare.5" } ] }