{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d5eba7c1-2fdb-54bc-af47-1cc4712d9f37", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1d481da6-ce3e-5f21-b82c-a2b79ffc67c5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de31b348-81b9-53ac-ad20-eb2f0f1da0a9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e30da955-5510-5583-9b2d-d44126474275", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51b226c1-5177-54c1-b120-a17987a00c4d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5f586d1-5555-5796-a20a-6969486d796a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51349827-817b-51c7-a352-6b143d3d0c1f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5f696b1-df94-53de-9ba8-c666aba3400a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a447ffc-d649-5b85-8902-ed22a2e77ebf", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05eff7e1-e0e6-53c6-b060-bcc8b04d95ba", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a746f2b-44f4-515a-b658-c3cd747934c7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf1e6fef-3c07-5553-a331-eba55019ceaf", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:408fb37e-6b72-5a4f-a0f4-7e00b127e8c8", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05761abb-a06f-5a60-ac15-1a1e80b8869c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b66fdfd0-9143-5ec8-b8b6-304c0fa0d1c6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ee47368-dddd-565f-b586-b37b9368d03a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c01a633e-1460-5d61-857e-45ed85919fc4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be8811bc-fb63-5a17-9e83-d6fec547c258", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b7d81fd-6ee1-50f7-839b-3143a8ea9943", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bfc58ff7-07c2-5ec8-847e-adc615832810", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3891109a-834e-5fab-a57a-b40d9eaea3b1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ff95739-094e-511e-a0c9-d62d2c57a15d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40e51af8-39fe-5e2e-ab9c-19746a76d043", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb36f669-688f-5822-81b1-cc6321804220", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b00db04e-548a-5fb8-a6a5-0ff1bb2cf2a5", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ca00328-1a26-50e1-9f64-fee0ed15a242", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29e391b7-690d-5542-87c2-c26af55bef63", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cacaf94b-5f14-5bb9-b204-544e94040995", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1eb22d7e-5622-5647-a659-13c90f2b9b17", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a53318b8-c015-512b-8623-58bfea38a2f7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0846a73-cc78-53a2-921c-8c04acc832ec", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3670d151-ffd9-5e3b-96db-bbb307e6f993", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57d88e57-a67e-5bb4-965e-21fe4b8cee22", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffb96047-91b4-5b32-b09f-e86b3db07236", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:312e9173-334e-5567-aeaa-db967f8939a8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3867e417-4901-57c8-bd70-c66eb6421588", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fd78461-0fe3-5095-9f7d-22e8e0328a71", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1327af9-c6e4-5499-9897-08c80dd692b4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.31-tuxcare.3" } ] }