{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f2edd958-1f50-520b-a9d5-9a980174f392", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:47fec4a6-7758-5d4b-a768-4c329de387fb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cab7503f-67c7-5978-9f2a-ccd41e576829", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cc0d475-7226-5d52-8629-a11fd25d0b63", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6454168f-1288-542d-b1bb-0ffde1b8651c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:189d5f95-86a6-59f6-9b89-ec0cedf6228f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ee98832-978a-5907-9a91-91d8a9abbf2c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebfa0e30-240c-5590-9e12-883e0aa45fea", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:679b66ad-4dcc-5349-9d5c-e6f6dc86cb87", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09c5c83d-932c-5170-8684-f5206cd1d6e8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:244bf285-c82f-5808-899a-97347af93470", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ee4caf7-6b7f-582f-9582-a38d95a6aa83", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b87eaeb3-542b-56f0-a24e-1b830530599e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77ddfeeb-773d-5655-ad98-a662cdb81a8d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a500130-f91b-5f68-9904-130a4a29cd5f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a423e6df-111f-52a4-b317-cf21b7af7564", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c6ed520-56f2-5117-9afb-acba0dd8d91e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bb430eb-451d-5031-a17a-8255f210f2bf", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:878d073b-7269-5b11-a0bd-32049824200b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62d1dee2-7746-5ae6-b6f1-cfa7ca3ea503", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08dc35ed-736d-5179-85ff-b44ed1b84cdf", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:759af665-8627-5f58-a184-3e85c086061f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:335fe49e-025e-54e3-bfc1-76d46ec7f9ff", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c5caabd-fa98-5330-926e-eb59e2fc223a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47de161a-0fdf-50b0-80c8-440d5d2a547a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcfd5dcf-80bd-5158-a2d8-6ce3bdc97439", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d1596a1-e26c-5009-9fbc-80e3ce5bbd4c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c296984c-51cc-5c4a-9b8d-67505d5dac9d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0442ec24-c9a2-5319-a44e-40c5d0806042", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61006708-4b85-54d1-9cac-5f9e77b08c5f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ff1d15f-4da5-5616-b5d8-4686fe85f673", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23a7656d-7fe9-531c-ba13-b111524cd28c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cf82ea2-2eea-57b3-af4f-acc716329802", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad4810f7-dd56-5879-8311-8014d6c27619", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e542e19-91c5-51cb-ad46-a912b1590002", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51c3657f-268a-5746-82a1-87aaa21c87e7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc8f359c-b85c-585a-b624-c1bc3d6235d5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6ecf74b-c7cb-552b-990f-a13f7c23f420", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.2" } ] }