{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:df80b3b4-59d7-5c81-b77a-2272a48f324f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:749eced3-584f-5a30-91a9-7da9e9ca84ae", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d3a4f61-e4b5-5d11-bb9c-41594808810d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c880f913-c466-5e02-be75-46c930b4f47c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02d4ee15-bec1-5c12-92f1-777c771dcbfa", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c9bdd9f-90b0-5ad1-b318-063e7fca4287", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a55e80fa-171a-508e-bfa2-aa6f7958bd5b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb1c1862-83bc-5f25-8c06-c4e3680eb007", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0d5112e-055b-5c8d-9f44-e877ee788bde", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:873c02af-3c55-51cb-95ad-6010f4835d21", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3989a364-09a4-5efd-9d47-b87b50963bfb", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8645547c-6876-5877-b1f1-d73aabd6491e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:225738c1-08c9-530d-940a-8b188260f8ba", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5180eff7-2e21-500e-982c-f957887549b4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23b306c2-c5ec-5a46-9d24-9e2f42120e58", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b22b4ca-26be-5aeb-b3ba-e84a0fb43bc2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2242fbee-a3f5-5e01-a00a-6b1483331f3c", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:205cb205-ce69-523b-bd3c-7baf3720abd6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04ae2a7c-cb2a-5cc9-be7d-93dffc44cdde", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29c11eee-a378-5315-b046-ddf26402561f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cbd438e-01df-5b85-a4d1-2bd29a95e931", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dcd86404-5f69-5039-bd07-564ab182edb3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7d730b9-e2c8-5649-86fa-99819d4c1923", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:384100ff-95a9-5003-bd94-2a6b26ce67f5", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63611ed4-27a9-5b19-8ea5-d4c841a8f04f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a6c6b22-474b-5106-b236-12013f13822d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bb6886f-9110-55eb-b03b-1401ca5845fb", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65b646f3-7949-5976-b48f-0ab614f05296", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df193bd1-3877-54dc-afee-3528bea62221", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47653570-7dd7-5864-91ce-1677a3dc5a48", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52f9b281-900d-57b9-806e-882684ce8875", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa22efc5-49f1-5433-9db9-f6d5abe04095", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92261458-1e53-54c0-af44-be33148329f6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59e91f28-f097-518a-92ae-0d104a0d9a87", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:043e5327-2f55-5d2c-be0e-18378ebb77ca", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f098493-a616-50fd-9735-2fbbc5ba7d7e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:caf8c182-3cbb-58fb-8792-c0a6a8c93b1e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ac5ebeb-81fd-5c7a-9940-7d250f0f8771", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.3" } ] }