{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:db308c3b-3821-591d-ac6d-3f3bfa1b251f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.39-tuxcare.10", "purl": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3281f339-b515-5076-8e71-72d643618a8b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:106b1a4c-93e4-5424-a091-847f66383117", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-context. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:33201d7b-2780-5f64-9ddb-3dfe1296edbe", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:38a71d52-ab07-5c5f-867e-83952d2eb6d2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b2aac702-a9a8-5d10-b60c-d35dc85a56c2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1e5593a1-3e16-59fe-acd7-5ba2ddf67d24", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:739d8aa3-58cc-545c-9bf2-f06057b090ae", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:35f1d44c-3f3f-595b-b9d9-f2119b6d246c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.39-tuxcare.10." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:2716512d-a1fd-5bfd-ab54-c99b87d782d5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:acaaa295-dd0d-5ef3-ac94-ac3c80b60216", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3352a97e-30dc-5ec8-942a-a6e3cc32169e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:47e83ee4-c8af-58a4-a720-ffdb9dbd4b08", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f10d792b-cc50-5dd5-99ec-60d36312de26", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:4491f968-0c49-58c2-8247-67b8689a5d54", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d2392e18-1a6c-59f9-819b-6153cf6a4bb1", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:163033ab-558c-5d6b-b589-f9d7c984e705", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f30e2b7c-3dbc-54d1-a52f-7374c940ac2a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d83d77ed-d9e3-5896-9cae-f51ac3490698", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:a79c9d2a-6390-578c-b834-51637f414866", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-context. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b515722b-594f-5e3b-8611-9c22fe58c381", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:9d372382-5712-50af-afc1-654bebfdecea", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:14bae96c-8615-5e7b-916e-e9774fb74b74", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:34e125ae-1b65-5244-9af6-6390ed8cfffb", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:2fd05112-9978-56b6-8ebf-250f64fff8f9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b3dd03c5-faa5-5581-ba93-2c8220d341cd", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5f8d6f4f-ebe4-565f-8911-7bd78766f098", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:e5f229e6-5d95-5690-a5e5-81a209881709", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5122f432-580a-5fdf-a507-4dc99e089021", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:52adad3b-c7b0-59a4-930b-24157f55b852", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:03abd1ac-380a-5ded-91be-0e6a59ff0bc2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1eaf0ac6-5452-5ab5-ae22-3d98b2942948", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5a452336-f083-5ec6-8983-4894cf3d83ac", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:94ebfc45-ff74-5887-aec8-1afd24b0e2fc", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.10 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39-tuxcare.10" } ] }