{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:47bc0c91-2268-5eea-8301-7d5df65525a3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1224ad93-3715-5a57-b2a3-63c7aae207a9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6f69971-d35c-5da6-9d2d-29dbc1713107", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f61b196-8110-56fd-bde8-becda7714c35", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9203456b-85c1-58a3-af94-1835dfc0a6b0", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb805646-4bcc-523f-b53c-8fd021c6a315", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09f7d68e-13ac-5602-b908-636050d8f6fa", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8883f92-5e4f-555d-9a59-0a618c785ab3", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2473064-234d-55aa-899b-f84c499deece", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b87a97d-0f6d-54ae-b0bf-ec47b4fadfc8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:428fabe9-27e3-5622-897c-100e4110c108", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1455206-7ed5-5bce-9c54-963a823c27ce", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ace0959e-0092-5788-bd7d-292998bb17ae", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a706ab3f-82f0-57ee-aad1-fe36aa4b135b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b81f2e2d-31d4-59c6-ac67-e8fae9cba870", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:175a78e2-e17a-537b-9358-74e1dd1230e6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de58a9a6-2bcf-5a03-9a93-3bf88b69846b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7701d9c5-a0f2-564e-ad4a-cc574de068bf", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0b42c86-4e8d-5e2b-b92d-5d29b5bdb586", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a04bd4ad-f7cb-58a9-a83e-d3b9eb4437f6", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:878e07da-fd9f-5952-b5ea-4e64cb894513", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dc4d00a-498c-515f-ab96-75b71b92e231", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9362453-d57a-5dfa-a3a6-dde9aa7271ae", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24b5fd7d-160f-5729-b599-b7014f82f93d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1305aa5-1152-54d5-96c5-92752d46d6f9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63150055-e880-5bb8-9f40-7561021e77f3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da7ca56f-96d7-5ef0-9366-240bd3f1bb60", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:add8f20e-7bde-5ccb-a892-b8600d86d457", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3bf7a38-4bb2-5a9f-b34c-96606fca5aed", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62471778-e919-5e99-9dab-51ca00cf6e1f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3e8101a-33d4-5773-8892-07244c839fca", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff99d3b5-fedf-509e-afb3-923eace49d0e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4a2e5cd-5191-5dae-99b1-f75f1edca7c4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e06e547a-7f0f-5935-9ab9-6738093d9d38", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e8a7c24-56eb-5853-b4de-e1ae1f2bbce7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecc824d2-38ec-5a39-a4ec-c2ad58bf3c15", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:676f9d54-8b0c-5e44-90fd-ec5cf0debd33", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ba5abc0-25a3-531f-9ea4-e0173f99cf59", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.1" } ] }