{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4d696481-4644-5bfd-9df6-88168eb3a9f1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.39.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:aad9c116-2f56-5421-a0f9-59d3c3178879", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b49297b-5a59-5b97-b49c-b77ddcaa5ba7", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-context. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f2b8764-f85c-5c8c-b24b-7dbb04eedd17", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c3bc47c-a530-5056-999b-e4abf59a88eb", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:faae5ab3-7f89-5892-8aab-1320ae49c42b", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84290762-e2f1-517b-8429-e06c7c14eb84", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9614d86-dff3-59b1-ba5f-a2f8b8a58488", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7e52a6e-eb4a-570a-8908-4d568d95bed6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.39.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51d2fe9e-7f3b-5ffe-8d79-7ec3ed86efed", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3be7de8-5aa3-56d7-9349-8b368d505f05", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aecc26f0-95e4-5912-8117-666d518e6647", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab710028-bf75-54da-bfc0-c6571e064343", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbe6f2a9-31b9-5ef3-818b-be09b3c49703", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6c50b85-7a1e-52f4-b542-c451e0ba7918", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c32a4fb0-c55b-582b-b191-28c5f6c47f5a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea671e42-d2df-5140-9804-7e7af87a946e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7208107-1947-56d5-8275-8d28f84adeb0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdbc3f12-6c8e-5f9b-96d2-0ab2a9e9b272", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c588dd2-09f0-5ff0-b1dc-f478407c6998", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-context. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38c88192-5274-562c-866c-41bf6f1cdaa3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ccea981f-6e2a-5d8a-be00-5b80f0181a0c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89e385b3-f148-5f2c-9c34-42664999b6ec", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b86a39a-e9f6-58e5-a6be-8e823e8217e0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb3bb96c-2b15-5e3c-a3bb-6bfbdd4051ee", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91d35aeb-67a1-5117-9493-97c414769875", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b09e5f31-16bc-54b8-9d44-76fb6ee613e7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d558edb-dce1-5557-9da6-3749908c78db", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4d5e9e3-b27a-5463-9ea8-c5b33676de8b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38bc516f-0691-5d44-bd90-24677b3f9fcb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20475f5a-ca8a-557f-9070-8daef4a28680", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2eccf1c8-35c0-54b3-a508-49ea839f5dec", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c13d58c6-0fd2-5da4-a5f8-3e0136188cb5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5a2a7a7-f609-5071-816d-cbf23e50f958", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.1" } ] }