{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8198583a-e409-5434-a772-b09f11e3aeef", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2ddf6c1f-8ca4-5577-9e22-1354bf290aa2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efa0f814-a1ba-5167-a7ab-14c2a84977eb", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4af40316-ef42-5f9f-9e90-2f5821db9c16", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3805ca9-7d9c-5eb1-a645-2bd680963973", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca2b8a7f-399e-5282-92ef-f8c86772a244", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc88bcfb-eaed-5eee-8b54-408cd23a9133", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7bb6d99-4973-51fc-a715-858eadd4bb93", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5dd148e3-b8cd-5ade-85ee-332bab19792e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:338d47b8-8bb6-56a8-9409-572a62fc11a7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e11bcb6-e16f-522f-be8c-9fc0697ac881", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fefafdb3-5a28-580c-88b6-73c420236179", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9e5e3c0-05e1-560d-bd85-4bbb33397f1d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b7b8aa0-98ab-5ccb-8345-07318a258dfe", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1650882-a62f-5551-83ae-028d6fc582eb", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66dcd748-93f3-508a-b8c0-6ff6af10f38b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57aa3d06-de00-5232-b77b-4935b7c10fba", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66eff26e-2fa5-5658-ab47-b8a3e8eb8476", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b57a2771-0657-5020-b1ab-134cda994cd0", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74a9f42a-163c-5eae-800f-dfb7781f5567", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:814454b1-8521-50ee-827f-cae117971cee", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5eaa9320-ef1a-592f-ad8c-8163481934e6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc016860-1873-5133-8f8d-5d75363a442e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ca242fd-9e70-5465-94a2-20284e077710", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01ea200d-b5ff-54fb-aaef-8de4d5d25236", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc143299-1f03-5ab7-8879-cfb247bcc6d9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82a118b6-bcd5-594d-9cf3-7c95ffada259", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37176fe4-498e-5312-875a-ef53d18cafe7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73c01e40-e82f-5c64-8fc8-fad949f7ddc7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e0549d3-9602-5ed8-a121-e2840c3e3803", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d07223f-d8e2-568e-801d-d368987f0277", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c79112f-f216-53ac-ae55-d02f65d9ad59", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f3fed71-4ef0-5871-97f6-126c3eff001b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7b5262c-004a-581a-b2df-9f546c814058", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7bdafefa-ed61-5a47-9e02-36f4259974c2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:507c6007-fc2c-5366-8fae-6ffd50fcd1cc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e468704f-8022-5794-8327-0396e46cc00d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4272902-9d8f-5e82-a981-5ce42115ce83", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31-tuxcare.3" } ] }