{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:38f50a62-5509-5595-abd8-490e47fcd7a6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:16c52756-c06e-579c-93ab-37b71081eb18", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27d9a3f9-ca0d-537e-a573-97f458c291f0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cc32bb2-c1f3-5c8e-8aba-23db2b49b857", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be0be0e8-6d3a-5bc7-916e-2f50d83e92ef", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89ee6c6d-78b4-5597-b9c8-d57ad4ee223a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a6fb82c-dee4-5e16-96aa-69aceca18111", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5e51741-a6ff-52a1-b8ec-652325b9263d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb6f7c84-e010-5a51-aace-7998037fed3d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c94e00a7-e652-5886-91c0-efac278fd4ea", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8794b77a-18a4-59c5-a9df-65c0c2e287e5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67b42121-6251-5c39-a3bc-e9d0a0cb1d0e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae3a4deb-5c6c-5ee2-8061-203ff8e8d473", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b736f5e1-9939-57a1-ab35-02adbd3ac0ef", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11022c9a-786f-50ba-81fc-4c043f8a7a1d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8b7e960-7c8f-5d32-99d0-1b7272e4361f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e999539a-dabc-5da7-9c7a-189f6dac2ee9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe1ae21a-f830-524b-b672-5f0c616459ec", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d5d785e-932e-5d0d-abfc-eb6f5c92d7e4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e07167c-8396-5ac2-b92b-589c02c21c67", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c5f2d19-14bf-5f2d-b106-ebd2a8493daa", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53b98bd4-e619-5fed-a39c-705675366988", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68bdc86f-14c6-582b-994d-107ef1d07391", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83b9c8b7-6801-555d-ad2d-80fa3c0cc18f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:067d34c1-e81e-5377-bb8c-29a6863343d7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13074920-da61-5355-8cdb-035e57824404", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:930e55b7-a870-5513-8341-c798ebb6d11f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0443032-1550-54a4-bd03-5c2c8c51a327", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:659c35cc-6c0d-5428-af6d-a9cae87acd68", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bfa9183-b4a2-5159-b159-3ddd64314f88", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cdf7be6-29ab-58c1-8ac8-56c357b7a0f9", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19568f27-58d1-5990-ab15-1df825375e2a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5972d185-75aa-5f8d-b7a3-d7ad1ba536e7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e493511-834a-52b8-a127-9ddbea0afd2a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c81c071-0279-556e-a0fa-83cc35fa4455", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0c6b254-8499-5d80-b09a-9c5eca82bd58", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4566e9f4-2ede-52cb-b1fa-83f0ebb19f57", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d25a9b36-eb76-5718-b1e3-7e013f181159", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.2" } ] }