{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9acbccc2-14f1-56cb-88d2-4c52e1988737", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e08910e6-b09b-5fdc-bed7-8086d3fccd60", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99deca75-7492-5bf0-92ee-e97db28a8c70", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f62b58b0-b73d-5fd6-b30d-e1c8fcf3eb6c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4d5f25e-3547-5fd2-849e-b806a1f7fcbd", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b90f4c33-9973-5560-a757-9d3e80a75b4d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23f75e4a-81b2-5a64-a344-ec4d76608240", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ddfd0919-e04d-5bcc-9130-cc9daf5d3e16", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:425fb4d9-5a12-53fd-9f70-517c17f42208", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aaf0c6f3-9579-5a35-8e3a-c3a1cd3a4d54", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:319da9d5-ecd7-5725-b0d8-006b2ba7b49a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07ca694c-0f46-5536-aea8-1e04a606da1a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95322461-5b1a-52a1-8dc4-5f63756fc660", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eda22cd2-d4a1-5934-b9da-c60ca76e42e4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a87010be-3fe7-5f10-840a-24cf78f46514", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b0e1d1b-bc1e-5c25-b39e-c87e89d6218f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4010a1d-421c-5219-857c-c771b7a00923", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41d1566c-ec35-5fc0-9719-054f0eccf404", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d521d3a8-c487-5673-a55d-381a6dabdea2", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cdc6add-f11e-5e0a-baf1-afb0cf03a412", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f42bacd-4891-51d3-97a8-927c3d8043b3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5ec3881-ee09-50ef-b8dc-ded4805c807e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2baeb8ad-40bd-5cb4-bcdd-066c4ea8e715", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:471e1064-2bb2-59fa-a7d3-6d859b67bd83", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d7a4fda-a543-56c2-b1a7-ffe1bdf583a6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba3b52e2-5983-598a-9c78-31064f391070", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85a1634e-0614-54a1-9060-5827fe5d68d1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb5e26f6-942c-51d1-ad09-bc628bb1bb30", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1952551e-8be0-57b5-ae1a-d76e71cf2b60", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e0b3697-6513-51c3-bcbe-b46949f936d7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d426c6c1-4b4a-55b6-b8e9-4122ecc28cbd", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f547ec87-9e28-5d51-9bfa-e328fd4670a2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:314e1d95-24a4-5c2d-8a36-eefea524445a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e86f3b3f-0a16-5ccb-87c5-0813723375da", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:806aa0f0-cd5d-5833-952f-c7b75b982657", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d529ed29-5e2c-57cd-a0d4-f6bab3e16e0c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9703dfdb-0d0a-52e0-96d8-3bb31e22fdfc", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca016c1e-9f86-5394-8cba-301c213489de", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.31-tuxcare.3" } ] }