{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:02645c45-21cb-5de9-a596-ace5b6872e8d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:99a87f16-9d0c-5b0d-9d76-279706b84281", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cdd6e7cf-ecc8-5a22-892d-78ba0adc2569", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:137c7b81-b2d7-5aad-bd4a-c7ca330fe819", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f1cf764-8223-52ef-8277-b7261b3e8258", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e76e944-76ae-5bf7-9c19-598caca0c60c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e19beff1-6278-5a84-900c-5edb61257f32", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:14d9d579-a4a0-5aa9-82e2-5f6c9e055a48", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39a71da7-af2e-5cdd-bd0a-c833b79c54bb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53a50018-a597-5bb7-9794-2e3fbfb54542", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5506af7-9d7d-56f7-a718-ef68f4a1d465", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30539d8f-d008-5893-8ac1-52113445b3ed", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:79b26570-e7e1-5ebe-a10d-37f2bcadd850", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:37c06a11-b9aa-508b-95de-7bbdb5beb5a5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42f11cf0-1360-5129-a7eb-7735e47059f7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a3e045f-80c4-502a-8a08-b0613fde456a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b9a1bd6-6f04-5ceb-898c-c8ea4dfa14f2", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30f6a3c3-fe52-571f-ae24-22050fa05464", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93d5d240-cf65-5847-bd4c-738092ec0393", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39f75fd5-4438-56e9-8c69-87fc6604f478", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11f225a6-cc05-5427-a9e6-567bbbe28e42", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a0c8120-f18d-5809-8d89-a19c65a29afb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4edd01c-a29c-5505-8286-b6ccea065195", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:149faa45-3e43-53ca-a40e-238fd8b4c143", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b738169d-0d1f-5961-809e-a0f6898c14ee", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:80eddc6b-fcef-54b1-86c6-ff58a594da41", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5bcf307f-4c44-500b-b198-0f5902cfbb50", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:803d87fb-e3c6-54fe-81aa-1dd44e8b6d4f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e4160d14-e353-5725-8d32-8cd0c00b596d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2993fd4-4fb4-5edf-a5b9-43a6b94985ff", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0bcbe797-7f5c-56b7-8ea0-389e9abe0d5b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d20d078-427b-5686-b5f6-18cb684d4fb5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83494bf3-b047-57a4-ae9d-070dcd79fe1c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:62c1d4cc-31d1-579d-bfa9-5beaea4141c7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83a7c3f1-8638-5e3d-857b-2fdc1d116f08", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e06b1d95-4ba5-5e61-8d6e-d9f5bf13dd43", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2200840-c576-5771-bdc1-c8404c93059d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d0d06cc-d4a4-5d44-8dfc-df8049d9b3ac", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.29-tuxcare.4" } ] }