{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6e344a72-3cd8-5d5b-93e8-35ab5dc16afe", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f73953f9-4ca0-5435-9d3c-f868046e5de3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:388d9cf0-45bc-57d7-a103-c5930805c0ca", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b91c497-63fa-5245-bf3f-a78f54ee96ee", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c15045c3-f5a6-51a1-bdaa-e5f26bfa96e5", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1b20062-372a-5ada-a9ec-46a7090b0b3e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fecce85e-f662-5177-a642-a2fbfed581ba", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf6d95ef-7adb-592f-8a28-245e62be7452", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4eb6a28-e221-5af2-a763-7fe0268c00e1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b12dc1e-dec2-511b-9029-1f6333218db3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb60449b-0435-5d42-8ac1-44589d84ca48", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9c355c5-fdc2-5899-8793-83b75f169bc1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b0ff882-f253-53c4-8a4a-4c6366b6105d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3191f3ab-77eb-5b21-a3aa-02b37841cd54", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:346178e7-6096-58df-9749-b8a3003b93a8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11f2dcd1-d07c-5b6b-97b7-dbf9b1a5b53b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:baeeed04-96a9-5182-a327-da7a7d15e873", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7122c86-4ff2-58d9-9d3d-888b4eb08875", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ca701f8-ec94-532b-8ad0-9784fe7dc4f4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9bd6074-1500-5289-b5f9-09b0e9316d57", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f5e24a9-66e7-5391-a619-6e1e99af3321", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb48e81b-cd56-5c2f-a8c4-e590e26f5b3d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89e2a47f-5134-53f6-93f2-4f4192031fc0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69be4554-fa85-5f94-a1a1-2fcdea674ba0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc9206be-cf91-570b-907a-0f282f8d0684", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:912e80a6-c8e0-5021-8ad9-dda81fe5eabc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05a26629-0788-56ed-87cc-d2d0a524a681", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9027ce32-56f4-5698-a352-3c064c06de0e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd9d2b1a-b5e4-5b85-81cf-3a86415902ca", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26b1abe1-d741-522a-bffe-f6442fec9ce9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27ac61cd-335c-55d7-bc87-233ea9a3f30a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d63d7e03-88db-5994-afdf-72bf4d64afa3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f8a1a35-7755-5a3f-b982-eb34fef2bcef", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b2985b6-01d0-5e5d-835d-a3259a14241d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58059229-13ea-52af-bc06-a796cfe8a27c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25b0e77e-8a6b-507c-aaa8-77cab27011d7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73c2acfc-9f6c-5192-a494-dde1f5ae53f0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a07c8bd2-0627-578d-ae0b-60e98469eb90", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.1" } ] }