{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:49a96161-dcfe-535e-93df-f9ebd403662e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:91252547-9699-558b-b5bb-8a2e9daddd06", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eef6135b-4f25-508f-a0d7-930e73d152df", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f26641bf-ebb5-5e57-958b-f81a7453f956", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22b9b2ad-7559-519e-88cd-c272b6cec5ba", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e94844af-4a23-5ad3-a8c7-4dfe00bd837c", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33bf66a1-c2e0-55da-8849-7bf772e43be8", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e6bcb5e-7848-5353-8b56-2824405c8b08", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21e8a5fd-19d8-5968-ba76-cd222e7df5a6", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbc1f2c5-a841-5172-8a60-7d2473770170", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0223706-1523-5a2d-a0a3-59235e0594d4", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46a41b04-3a64-5ef9-9f0d-b298d08d702a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f2a394f-d0d8-55e0-a614-bcc7765de5d2", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e92a5377-7bdb-5425-acb4-66e786a4bac3", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4eb3c83-b8b8-58b5-b8eb-a721f2b14318", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7500262-81c4-5975-9d5c-74b3ae011cd8", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b3f85f9-fb26-53c0-a944-5d48f4efcc83", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18a5caac-0929-594e-be97-390a5946ad8f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0bf3ea1-09c8-593b-a802-cefc5c989c68", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fd3c96c-e14c-52c4-9057-41c77c176b01", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8937ea0d-2006-57fe-859c-5b9d8b32fdfd", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41984939-cc7d-5d07-b654-5b50333a1a2c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:baa5ebd0-c63d-5242-b557-9eb6b3142b2c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0288c3ce-a1b3-57c5-8d08-8a05007c9027", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc0b9954-da58-5364-a3f7-1b9898c08cff", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b46c61a-7c84-5125-af55-e7a169b28c4e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae1d0d89-132d-5027-be4b-0001b7729571", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cce7a652-a2fb-543e-9c2f-3f14ab56282b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a022bd88-ebdb-5eca-a40b-ec05c45c215c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd49a9c4-3446-5be2-ab23-ca2de17b40eb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02765eee-a280-5a72-a318-17fbc907097e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f577e6ad-4eba-531b-9b1d-0d8b1985405f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20a7d148-7c59-5fce-a3b1-1dc3f720bf2b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37aa0391-643b-5bbc-927c-bee641def869", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3090370-febb-5d42-b06e-b5fa6f0078c2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2c5ec61-1bb7-5924-ad77-1565d138ad3b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29e1344b-dd43-57f8-a7c3-4c9f40752d26", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc993d92-be41-5cb3-8ff0-f76b1ba83480", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.1" } ] }