{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fce1e4e1-33ec-53c6-bb56-38268e5a4c42", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a0a8fe6b-7d3b-5d5e-a87b-b92d33879392", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8ad25f1-bef4-5f23-ba18-e8ca6a710ba1", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1661f98f-a2cb-5e57-bcea-767d55565f5f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17f13e85-09b8-54fd-b887-41ff9512bb60", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d644a76b-dcaa-50fc-80a5-e6b29fe9e953", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:367747e6-4026-54df-9efe-7a38e8d7e943", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a6a8387-eafe-5470-b8a9-62c937610c82", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:449f6c41-c16b-5c48-a11d-093e8dc84ec9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7dfd2dca-e80a-55b2-a93a-f3d0cbf0793b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72fce6b8-09eb-56d1-826b-02992b9a3c55", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54e2fb3e-8121-5029-a0d8-326f68d1fddc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05429bc2-dc6e-556c-9e53-ae8964c1ae9b", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f948dea-1860-5bea-8fd8-e130b7beef5c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1fd3cd4e-46fd-5eff-8226-fbdb433cf829", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88118483-0662-5c64-ab43-19f1d9c39d32", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd280109-4948-587c-ad8a-fdc6607a35f8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3957de55-5715-50b4-b3d2-f959759495eb", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b89997b-03d3-566d-ac54-26c34ebe9f86", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19b72554-5906-5eae-87e7-4c0ae8e98b7a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e346b807-8e44-53cc-8758-0c04e60395f4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf5f0bc8-7269-59bd-b8c1-617caf8fdff7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da09edb5-2700-53f4-8730-ef8b4796a746", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4cedb38a-6601-5533-b4a2-f028f9ed4ebb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62613adb-d8cd-589b-9c96-7a52427de3fc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae24d700-7769-5abc-8400-992ec058762e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10b5d455-9f4e-5a7b-936d-1e76d6930248", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd402bb4-a58b-5b50-9566-9977528c5756", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d57dcb7c-596e-55b7-bfbf-9ed0dda1525c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eeee5e17-c461-5873-858c-ba29f6bf4c3d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:277c8c07-c8a9-54b7-945d-486e52ffe669", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:765501dc-d8d4-51cc-af0d-a8a941d8aa99", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3d95c6e-6fee-5b91-8392-a46eb1e835ee", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:becddd6f-ff79-5922-9b8c-6129817cb39e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57dcdd85-9430-5abe-9fde-bc1df310ce51", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1860024e-325e-5a02-af8a-ce5eb6cede50", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54f15176-384c-5190-b386-628833400c2e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f51c455b-37c0-5c53-a659-82863cff99c2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31-tuxcare.3" } ] }