{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ac6a9972-c56c-5ca0-b911-b9c39606bab2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:83691f81-f1e7-5e83-9d68-b29add71655b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46b0fb4f-89c5-58de-bb4b-1ff90527dc5a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e824104-4202-56e2-b544-f9c13f6b2143", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0bec89e2-9572-5786-a6ff-6c6cf631e36a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d7e7d7c-091e-58ee-9a53-d0d32c08ee40", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8751a593-fc1e-5e3d-afd2-61460cf60e32", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9555e6b2-6d7a-575f-8bfd-4cdd01213f91", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:375facb1-d61d-5193-b6e9-b48af6bd2e64", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1852b4a3-ee78-5c63-a4b4-5917161b6c6e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1482986e-d8ff-52ea-8f07-a5e8d6a7cb72", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eaa646ee-0b5b-5316-bb50-4561769aa3fb", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21490b37-f743-5399-802b-80974ebf448e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aabca5a8-a377-574c-bdd4-1a147b003976", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c3621a4-c0d0-523f-bee5-3894b2f6e9f6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d245421-590a-570a-8d88-4c68e6b37edb", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dc987de-273d-5beb-a5c9-193b51f6f874", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8dcf0d16-fc48-5da3-a755-05f1612c6b92", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cff892d9-94f1-57c4-97f3-ea02741a6553", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ebfa7fc-9b99-5b7d-a4e8-4994e779b768", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b08073b-f73c-50c9-b875-4293ab9cae9d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9adbdfc-db7c-5d66-971e-b969388ac35f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f49daab8-8229-56ce-8d27-7ca033571009", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81f84f93-93ca-5aa4-ba1b-dfd1f0f0b3be", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d830d56d-7814-537e-84e6-72855eb2942f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1f4ce8f-cdc2-5b61-9534-3f5f82dec1fa", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74e0523a-f2a3-5c9e-b0ed-eb1af50aa7b3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36839f80-54e3-5800-93d4-a235b56cc487", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0386011-fb3b-5906-a438-56b3e4cf4600", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47a733c1-6252-5216-822e-939a9cd601df", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c8af906-ff53-5814-a2bd-077bd881257c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72b347d4-a630-5f93-aeec-ff3deabf2d98", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c5f2d9d-8d97-574e-b1e0-5b9731f79277", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d516833b-041e-5a69-8b54-cce44b89c5f5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ea26618-6062-5ef2-8b84-96a3ab3184ff", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2dccf7d4-787b-5848-8f1e-8dc61236449a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ab37ca5-f184-5ecc-807c-615982ea836c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27d59246-af2c-59d0-b092-7a6b32a165c0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.1" } ] }