{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aab52afa-92fb-5460-8153-146fd2c0df11", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:75c4a881-ce61-5892-8acc-da7c5d971c2c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04c6304f-b928-5970-a0e8-79727c71216f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:743f8284-6d49-5fd8-a787-e8efef7786a2", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:faa877f3-7999-5f33-a1b6-1931c879a4f8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53e146d3-17b4-5739-b2ba-aa456c5e6524", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52cb50ed-8d54-50b0-9390-24ce5142cc12", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19058333-7cc2-57fc-9f3b-bf87f53817c7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f14dedf2-ea5a-560c-8d02-b0c64e8ab543", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db3ba885-4d29-5963-bb88-7c99b6a4801a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb781274-bafb-5a62-932b-33f66069d9e7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6281a84-d7af-5f3f-be0b-a1d748e89b9d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ef1be37-4b9e-5f9f-afa8-ab07118c004a", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b12b1e88-1c6f-5e0b-834f-0453976acdb1", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bf02fbb-52f3-5997-abb9-7ae59f9cf9eb", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22999afd-c2cb-5755-9518-1e052ff77daf", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da504e80-d852-5c59-9974-757dd113daa0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7cf7a76-1196-513f-bc1a-9f4b079b1464", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36d3e057-cef8-5793-8e4a-817efd55cc12", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d593f8e-d585-55ba-82c7-f580954a36ca", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78c4fab1-39d1-5067-933a-888975acced3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aba99153-f44e-541b-a552-7be1e1e4f995", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f68b6902-5794-53d9-aba5-47a001f961ed", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe97cabe-a56a-5e1b-8898-7fd99cb00b58", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36b28e9a-2690-5a00-8790-880ef73ba406", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:385eb64c-1233-5eb0-87c6-7e212852bb58", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ff37e26-70a4-5dbd-9228-35f2facebf88", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46e17fcb-4018-5894-8f92-9ba03735a7b8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6487e371-348e-543a-ba58-07ef08ec3335", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61b5e51d-a36e-5292-8ab6-8f3956f290f4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e42c7052-e3cc-5478-9f14-dd14ad6fa446", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aea506c7-4461-5a37-8003-d41f19cca674", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5a46410-9dc3-53f5-895f-9d99a0f824de", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1bddd62-3dd3-5c19-a089-7743d3e84097", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c948141-be8c-529b-9376-484214194329", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3faaa87b-8879-5d8c-8c4d-7d8d231cf76e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:527fb543-95ff-54a7-8d03-932331b7eb96", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1de1aa71-7b23-5ef1-adb8-de04f18d324e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.31-tuxcare.2" } ] }