{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:11d26cac-6ea0-5196-848b-c32d7638f41f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "5.3.39.tuxcare.6", "purl": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c62f2f1b-ebbb-59b8-bcfe-e99d5d098ad4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:00e16b8a-224a-5b57-90c6-7bd304dcef64", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-context. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:967522c1-c6c8-5faa-9f73-f08052413b29", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5adaee6f-5368-5cc9-95dd-1c71e8b74a40", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6bf5d979-feac-51cc-bdf8-a06aef212846", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:507c69b6-9f53-547f-8faa-505490c5b3cf", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1bb2e3b3-2903-5b93-8f40-80503d214167", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7971e766-6d41-5e5d-b9fa-d31d37314e9c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-context 5.3.39.tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3a04292a-4f78-506b-93d1-28ba8b0a5462", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:007f1ffd-6aca-5ea1-8e56-ad94a467d95d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a6722219-6151-5d22-9369-12e321a4e9bc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:52890335-5ff5-509d-b988-2a90f4a03655", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2a44d708-6e96-5bbf-a730-78a2c20be61f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d20ce680-08ac-5fe4-935a-5ed1da6090ae", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6373f373-51a6-52af-a60c-41d1f5c1dc01", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:26c3682d-61bf-551a-84ab-d7f2c1f4a5c0", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b0621e8a-8553-543e-94db-acf63a8a1fb6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b0dfcfe7-c253-591b-b773-d442f80b6358", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dcb23142-e2cd-5fb2-9152-69739136a61a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-context. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ac0a7d86-30f1-5984-bfcb-0210eb8f579a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b09e2047-0f05-5b3c-93e6-a0baaadf5abc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9a09bd1a-a1db-5194-a0b9-bc3d76109a1d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4c7a912d-aa23-5dff-94ce-b7a254399162", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c6e1006e-48d4-5ffe-a33f-2c0912877328", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c004d5e4-65d6-5c30-9ff6-89644e6f5b20", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cf9cddcc-9925-5ea6-bb31-172de2ae931e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e5084e95-028a-571c-bd12-5e6e3562bfec", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:aa9fbafa-6b8f-522f-b7e7-0674ec17065c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f902a13d-6c58-5c6a-97e7-1641fd3b4424", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3cc7271c-9a9c-55ed-b3ee-c653ad4afaba", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f13fb799-e4dd-5ae2-95d5-e3f807a1a362", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:48083dd7-e984-5900-bd11-139c3676e4f3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4670b39b-f210-5dab-9b53-0c37140a347e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.6 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@5.3.39.tuxcare.6" } ] }