{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:60320ebe-8821-5bbc-bf72-627873055078", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d508e040-fac1-56dc-93ed-cf428cd0a332", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55569d18-827e-510b-9c98-754a68aba202", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54c2498d-f9c0-5851-913b-d7a2e755c0d3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7db2033a-b2d7-500a-b28e-1d0e68a21021", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1a73f4b-8450-59d8-aef3-a4b0aac8844b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26340c34-168f-594b-a933-1e474ca1b14d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8d69ec5-8283-5929-ab1a-612ec6613588", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:479ddb1c-3a74-578d-b23c-61d8355bd4c8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a033a73-8bd7-5c6c-821b-a634d9b719d4", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fdb9fa3d-305a-5e50-a845-2f510472010b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3611a89-0087-5125-9147-14e0118d7dbb", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd329aff-7cc4-5172-84ea-82587484a41f", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a8382a2-1cf9-54ff-830f-20997a1e087e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb7d7520-c25a-5669-b3cd-313d20bb85c3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4570c1c5-95dd-5782-87b2-2aad9ca16b5f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:113d7a7b-c376-5c33-8a9e-223595817de4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89d237ae-024b-5adf-ae2a-ad696ff0a755", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:491ae192-d70f-5c58-b736-8f47078c9a90", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65ef7a6c-a3ba-5adb-800e-5c122d03f867", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd5954cb-a554-5854-a432-95400aeb23ce", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e337daad-5d5d-59ac-ba02-1f7ea97d73f1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eddb022f-3084-5113-8b04-bba80d011da9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c33033d-9baa-538a-bc79-c3aadde14bbb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:117324fb-1197-5f5e-9f29-540f43186e4d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adf3b44f-61ec-5df5-b88b-630cb11a2960", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a573042c-a562-5005-b91b-41a0a83a9e27", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdb04cb5-194f-5853-a251-4ec3727e7784", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e59d57e-e70b-5b19-a04a-429da2ccc776", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b83133a-30cf-550f-8a2b-3ecc3c2cfabb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68a05b1f-fb14-575c-9da1-43f374dd68d6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f2838d7-8ce7-5362-925e-fbf33c2a4bde", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93536620-440c-5d16-a9a0-5b167f70cb85", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84720fd9-382b-564d-8a32-4e1cbac31c27", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8fc0c166-ed9c-515e-a5f9-5dd98e174dc8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3684587-a348-578b-9876-7cfdc55c3b9a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:733b90f4-45ad-5da3-ab2b-632057dd12f5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c46519b4-a17d-5748-b2aa-8e5320d9d35a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.2" } ] }