{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9c5c2a46-694a-52f9-8b4a-c5bdee21820a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a4367287-cdd3-5ab1-b651-4b034bdc21fa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ec949a77-81b7-531c-9f67-7aa4bcf29605", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ff3ac2d7-5590-5582-a24c-93873ee9cced", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:73938f0c-5313-5058-9bd0-449c07325801", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4072baca-9560-53f6-956e-dd3854e5adad", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:63bc76ab-93fd-5f7f-a36b-9cc03a1054df", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e4b14316-9517-50ff-924c-0d852e68a4bc", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2185a17f-19e9-50fb-b3ec-34844b5be2b0", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e98d883d-ac5c-59f9-af27-4d003a99e13e", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:15fba66f-2a81-5fa1-b7f1-05702cdb59d4", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5901d6a9-cce1-5b44-a59e-a0d7d7f544b3", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8b6d0d02-387d-5a5a-bbef-44773682b004", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9cfc2e82-e42d-5bae-92aa-659be6111283", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e0b88474-13a1-51ad-b456-9bc1d5829e9b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:03ecc80c-d876-5422-92a8-1c8f16eda632", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b3d9a5f9-6d77-5fc8-9d2d-d4c19874dc38", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:fbe22445-ca83-55c5-8880-52e024f9cd30", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7a031833-c708-5f55-84f3-2ffa763d6dec", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3183be6e-9eba-53df-8803-da7b8903d418", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d26178a6-7b78-5d4f-9e4d-167d41b20e49", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:98666430-2561-5fa6-9c88-9d9b3be046da", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f0c8c9bd-681b-5fec-a28c-0a2559bf0fe9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6329b19d-309b-58d4-b260-71feca677bbd", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9359f95b-638d-5a34-8988-9cb06a005284", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6d0f14d5-7f6d-586e-a0cd-08036278b81a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:441fb2e1-ec13-51cb-beb9-fc5358c5032d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bd5f4d28-2d97-584c-afd2-7c7725200c8e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8f404a61-f3ac-5703-ae13-0ffe0ec0a741", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0c3cc8b8-1812-5c79-95f5-1a85c7a12b93", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:40316948-71b3-5aa6-8f16-c76fff308164", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3690aef4-4fa3-566e-9eac-cc5485d9bbc2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a6a9d030-353b-54ff-832a-e3d759c2c7eb", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:608b59c9-73c5-5b53-9acd-23df42167afb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0b0a2c37-4cdd-562d-a701-34510f416826", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0bffbf92-ff57-56a4-a195-2f59f898f8fc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c1f27723-fc23-554a-947d-96dd067785f3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b903a8f0-7ce9-5122-9872-62aa48bfed14", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.31.tuxcare" } ] }