{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ffe5de89-92f4-5592-8988-9baa83a70876", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e0ba0aaa-507d-53c7-9c8d-4ad0ce9512ba", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:662ac0d4-38ab-593b-ab4f-a608b58bd22a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06dc6846-7393-549a-9ad5-5c1a49df1410", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe7d91bd-56fa-5a2a-be9b-3fd666c64abc", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b71f4d0b-ba43-5abe-91c4-5fd1846127d4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c43f37dc-fd0e-5924-acfa-a4935f0957fb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cd68aa4-a1fd-5e91-b7d8-135b524383dd", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76243f0d-618f-576f-a4a8-6e9838d1a39c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7960773b-c767-56ac-bd0b-1d452a26e0cb", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d708257-5e22-545a-97dc-ef87fd346d37", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31cc89ff-24de-5a5d-a3a2-da44b85a4962", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcde8a5b-41d5-5491-b5da-1a59070bc7df", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9e60af0-1b06-5677-bf73-2c1faf894811", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed0980e4-67c8-5335-98dc-afbc4e2e48f6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f393aaf-6920-5cc5-83c7-bc71a161b659", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e4dde77-6681-567c-beb9-1a3ae4c5ba12", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10cc05c3-6de4-522c-86ed-c1edbc5f0a87", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e96ac2b-1855-5d7f-827e-dce78c2a3f62", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49737cd8-bd52-5138-8b17-2075203a2f4b", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65fe9385-0e1c-563d-a5a7-fb833ff86c3f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e319c4c0-1a10-5209-8104-0b833729dc58", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d05a8a2d-9a2e-5298-90e1-f104eb797002", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e3c62f1-1468-5973-964b-836846b5fd3c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcdf4a6c-3d49-55a3-85bc-64e649ca0e82", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:579ef33e-1d16-51aa-a475-c7d5af22f428", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f5f72ef-19b9-562a-ae9b-b9c6b31fe232", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94589540-39a2-5c1e-939f-444940322799", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86b3382f-7c30-597e-a557-56ecc22be854", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e851f52-e109-5b04-b894-8837a4921ad4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:821683e4-7798-5dfa-ba44-d3f54e666e16", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79f76c58-c43a-5297-92f7-cc16fd7a442f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c26a936-8d27-5349-8d7f-0e037b237bcb", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5be933b4-2043-5287-8dec-45626f45abf6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59a1698e-99b1-5738-9bfc-5cafb70decbc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6427e56c-6673-501a-afe4-dc10ed593a3e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e59db34-550e-5274-bb77-fd2dd8a0ec43", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:918770b0-4f60-5310-8d9b-0d046899d96e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.2" } ] }