{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:879f387b-7995-5a90-b893-117169e1c4da", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:97cdc565-9321-56a1-8592-ad448d611514", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c6b64c35-f35f-5d3b-bcc9-a2fa75e9efcc", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5ed24536-39a8-50c0-880b-bd899978341d", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:cf705259-fe88-5066-a27d-77a99c2766ba", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:60ba0071-4167-523d-bc86-a67c000ac7a8", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8bee328f-8037-52d3-b6c5-85ce328871b7", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6bb8c265-d9f1-5e4d-90a0-74df26260939", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:29bc4595-86c6-5b07-adcc-715f52b90ef5", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1be9fa62-da86-5419-b570-d92ce7fede6a", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:decdaa7a-7f55-54d2-a903-7e617987d46e", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3a2076fe-9a3d-5ef9-8906-512a4a469f70", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8598044f-aed6-563f-9a74-5a3b7088768c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7b2848ef-3273-5138-b378-36888fd82ab2", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:12717afc-4256-52b1-ac93-3f6d1e03a6ad", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6f50b045-2c7b-5488-8f6f-434edf4ffe44", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d55bfc11-aacc-5ace-96fd-1faad784032b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1a07722e-ef14-5873-89b8-afda51df574b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c5c39983-e8ff-5d89-829c-04fea1727c1f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4957f0e6-c5aa-5af0-9b4b-cbec9b95c75e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b02be4a3-6d78-5fb3-989c-06f3a31eb637", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e4fe1eac-cd87-5421-ba19-54e989e67f3f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c2919a9b-4b03-562c-84fa-76c702486390", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:376b4a6d-c673-56f8-8a32-7b33464ddd82", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:01bf8655-4458-51b0-9149-634bc0ef49ff", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7b8008c3-47a2-5234-9c26-686a596ed8a0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c6d1a10b-f163-51c7-8998-82e53409b216", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9689f778-04d7-581e-be23-147a273e39ee", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:97ac67de-1edd-5623-84f9-f4fd2e3871a8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bd881674-71dd-5cd7-8f9a-b0cbc8ccb4d6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b5fbc9f6-8c12-5240-a7fb-67e2d4502c3e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:14902ed9-b314-52a8-a204-69a9d6cbfe20", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7feb5619-2268-59d6-894b-5e22b779b978", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:24734ba6-dfd1-55a2-bf3b-75fad7cd4141", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6ff5268f-712b-5a26-83aa-12d90ccf5956", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7514458d-38de-57bf-a42a-42527faa9658", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2e052b46-9241-5fa1-9752-2b8795ea00e4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e3b86a86-77eb-57bd-9dfb-e96239b0465a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.31.tuxcare" } ] }