{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4d8b07b5-ca83-5864-b7c0-8dafcfb29f9f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:19ea34dd-dcc4-55ba-869e-5aaee4b2cb53", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3df3bc29-0715-5d61-a440-b3f2a9645621", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:408a83c6-3fe7-52b3-809f-9769e1c2b295", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64ae1f67-8277-5fe2-96a2-7f7e7af5a33b", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0bc3f59f-6181-50b6-8ba2-2951dc36eaf3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd8f9a2e-1031-58c5-9fc0-2a0c5ce19e33", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:131d6884-cf28-57ec-a987-d2eba2bb0299", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf587e3b-2d31-5f18-9dd6-416863aef6dd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:886d0c74-af26-56ee-99a0-cfe1c787d2d8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3b07fe6-0d70-5559-9e48-3f10d4bd5916", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ba4f2c0-1f16-557d-83c0-fe60b7dd9877", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c87fbc59-110b-5608-b943-c1f743e0b678", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1200a3e2-57b2-5823-b028-2caac801bec4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:591092b7-622c-58a4-a5b7-4f9b6c8d27da", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bccdf40c-ff8a-57f4-bdc1-f8dcbe3ba31f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38f01bb8-eb2a-5616-a3c8-da5ec9a92e8b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c062e49a-9ac7-52d9-9d15-ca2f042d9732", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aeb1634e-fa48-5410-9d3d-05d58b137aba", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7add1919-138f-5358-bccf-9ea41691fe4e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:494c64d0-7676-5e9b-bf16-92b92253d719", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae201fc4-7f54-576a-a667-c0ef23256083", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75f5c938-3e04-5685-ba07-69a51bb8c7c6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b45f189f-652e-5408-869a-79ee0258216a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:266c553f-289a-5429-9013-7da6863e60fb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e43092f6-d5aa-562c-a044-b91108b07083", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2ae4cf3-4dd5-5966-99a6-4614ea1711cc", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ef5d573-751c-54ca-80ab-550055d5e19d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f646f58-24a7-5355-aa03-3af6111d0c2d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:910a07ea-b541-5158-ba00-30ca983f2589", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f09b83c-2806-5712-a95b-4c2403a94ac6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5dc9cb8-2899-56c0-8d13-b5005a88a13a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35d11da0-df78-54fb-b81f-bc7bc2a24be5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ffa8e86-4878-50b5-9f4d-a1a0bdd6d64c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c415e41c-c74b-56bb-8cf8-39b2b1250cff", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81fbd324-3759-544b-a6e8-2ed7cddc5512", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65d581a4-8907-5fd5-96f6-9485fbb8f786", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:601a82c0-1e93-5df0-90d6-101f8cf994cb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }