{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:05e16e93-43b9-5da7-adf1-7da420f4aa3c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:eaa70875-3bd8-574f-84f0-9b987db8ebbf", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd602a27-d98b-520d-b92b-7175697b9b55", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6470e72-7f52-5f3d-b60a-235ca7dca001", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6750239-4e0e-5418-84a5-f60dec0ab42b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7a0539b-3662-5e17-a0ed-311ef6fddafc", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbb2c148-d668-5f8a-b5d4-4063e298ff41", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:160d7009-5c8f-5dab-a6d2-4e140d8977cd", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15eab2f5-8b0c-5aae-8aaa-4902389b7ee5", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31766c4d-ed6c-5096-b08a-af2dd0d7b057", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9690576e-20bc-5ce4-b575-563312aff142", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33de8f04-4b12-5ab1-a8de-e42f89515e9f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cfb8e21-fde8-526f-ae39-e019a0ba7484", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64c85e9d-3621-5294-b079-37ba23f47e7f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bce670a5-b0aa-5785-8b4a-12ba972e34e7", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5180f0a6-9413-535f-b7f0-3cf3ce42ec9c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a49bf5f0-d898-5e1a-9d56-8c7dd9825e1a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bf82d13-d570-5c77-8c0a-7ab89aa0933c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c839a53-6f15-5aec-8c1c-a55ec35e2db7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:786574f8-e6b7-5a29-8acf-2d8977231272", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21605121-9e57-59cf-9985-527b82c84ac5", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5256c22-3f3a-58b4-ac0a-b55ad5c254d4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:050d82c2-7b34-5d5e-8d3e-e1bed599191e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:803c1083-d349-5171-bb94-f4d516cf4020", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff618bf3-d95d-5cc8-894e-93dd3dab797e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce506d71-dbb2-5726-ac84-7d5dd2edef4a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6dce1f1-a18d-52c7-9231-03d14185b360", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c5f24ec-f837-5bd3-98d2-b50f9aa6b097", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f70224a-4d76-5e7f-a862-107c88736c53", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93b52145-302c-5eb1-9d7c-09cb693683a3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:504a3179-4003-5bc0-935a-da322d3bcf5c", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eae13ca3-1d84-58cf-bd1b-e2060a41156c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf97b70d-365f-520e-83f3-f747f630783b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:816daa55-d52b-51b2-aad0-49b63c1d760b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed67ff96-81ba-5cdd-9fc9-fdde754dc099", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ef2ad44-6044-5941-9f37-f2c38a012031", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab57217f-63e9-50e7-b24b-f47b7e39f97a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c96bf4d-3d8b-53d7-824c-c98a117c92ea", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.27.tuxcare.1" } ] }