{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b3179092-1a61-5f4d-9658-2b019d9f3298", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c86e55a8-d09f-5ede-92c9-5cdfacdb9d90", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ea296ed-6a46-5194-9483-ecd092279ff0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5379ea5-b073-5552-ac94-a7df2d68f1bb", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:979d09e2-cf14-5b76-99d3-e6a7c3f81e40", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc703e99-d7e3-5d32-a009-b5ca2349302f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dcd7300-af93-5f64-8f4d-fbfc9fb231ca", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67889a3c-ea01-5c3c-9f0e-a3da873cbef9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2395df4c-06a9-55d0-b32d-aa3a9a75a4e7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f63cf25-b3c0-5a9b-b01a-db3900568a10", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee8af8c7-85b5-5a93-adec-b939e9366490", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6669306-e000-536a-9650-ac6dd67532bd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2fea2fd-b64a-500d-96ca-46bb54ba7069", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-instrument 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd7bbdef-3a71-590e-bb1e-79c58ea80b61", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09df0a37-a5a3-50e2-9ab5-73f6849e074b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e651518-db17-59d4-b6ae-004f448bb505", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:697f21f1-93b2-5ee5-bda7-eab980e99a52", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:018b477c-dc5e-5d37-be9f-8650f115b89a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be0a00f7-f57b-54a8-975c-d986e4096341", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63703f41-4037-568a-ae20-899ca61daa1b", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:733c2da8-9d8c-51c3-8542-ae3525179aa4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:927d04fb-6ca6-5a23-aa1b-b599441f0493", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0d854ad-c477-5f19-877a-51216eb7b2b9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:faf11fd0-e985-5339-838e-c642984c73f3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-instrument. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4df8aa7-bd00-5040-b7ae-6cffcbcfe48e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:148a51ab-cc38-5b33-bca0-b6e0d520e08f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9e51086-9004-5224-8f17-7fdcb9d620c2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b1a2466-e021-59fa-959a-177e4f60d626", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a949c19-c473-5023-95d0-216f752d194b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47a196ab-bc22-5af1-ac85-821448368df8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3594b8d-c447-599d-a7f6-2e53d2c18699", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58994545-fbc7-51af-b335-63679050b650", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba6e261e-b060-51ac-a77d-c46aa61e922b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0409c4e4-20c3-5e8f-bd82-9bb9fc24076b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3184c40c-7305-53dd-a096-3cc7eb19125e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edd6a6aa-13d8-5338-bb26-4042e74a3c5d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:016c57ec-1584-5f05-b7d5-b1323d68dcd9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27a9cbd8-81f6-5ab4-a4ab-d4711f2a50c7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.31-tuxcare.2" } ] }