{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:68bc4f74-9408-55ad-94a6-2c0f859ae255", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2fdf825c-86d6-5fed-b9ef-3b954d5a5915", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ae7244df-38d7-57b3-aff7-2172162a5596", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:990a36ec-9c2d-52b7-bb34-d9a5796c91ba", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:302b2f82-b5b3-5347-bbf6-77e758b02d69", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c8ead035-4176-5595-8672-5b5728444d31", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:637cd983-3ce5-5a64-b36d-eb3199a1d980", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e8d1da1e-0a28-5aa7-8de8-e697564a0198", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b8f2a606-c90c-5081-85b2-8a44059b09dd", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e8291809-9408-5366-bb78-28ef893a07cf", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8f0c70bf-b1bd-596b-a1f3-ece26e0b7066", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5912c342-5eff-523b-90af-2bd03cb72f70", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5767fbc0-b4fd-5fd6-9d25-35b1fde8a6f6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:82c51cb3-51a5-5dee-b57e-58c64c4d7b4e", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:19fbac5c-9e9a-570d-a56d-4eeaa311ade9", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:10c0c76f-59ce-5b84-85c8-68189702f3a4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a94bce1a-64a8-54cd-895a-9dc2022b7dd8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:db940fdc-27c3-593b-a34f-bc53571d4a0b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6fa407cd-f64a-5709-b95e-a8a77065f985", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e6ff64db-a9b1-5ccd-ad03-994770037f37", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1dcec5cb-b1ba-5f03-8bc1-d2de7a406717", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9d1e686f-1379-509f-9371-16a9a44177d2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d4282cb8-0f33-5683-bca6-d9f7f2ac0987", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:39d7fe3b-70ab-53e4-b22a-10ccdf8e26b4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b7027e89-e211-5d18-849c-c20b7e1368ea", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5f1fcd43-db8e-5595-8c57-f44720c49f70", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e1d42b04-762e-5ace-9d42-b4c0649bbac7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4d8b6f38-6c11-59dc-975a-0e1ce85d95d4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bba4da46-48df-5abf-b683-4898a66592cd", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6b98821f-c11a-5680-a4ec-4d91da4d1764", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b4cba529-3a07-585a-9c70-a016d1a8e3cd", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b80e0c14-c552-505b-b8b2-3d2a69be954c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:288bc463-b7cf-591c-8b6a-f60046c9643a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d794ae49-301d-591a-b9ab-e570a8f19cf2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a90d3fd9-f979-59db-a609-99b7b0d34ef3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:aecc7586-eca1-5d06-9eff-6324b205c620", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0a20f6a6-b6c3-5587-a098-2c8af3ebf3a5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6a93c4a6-c5a1-5659-bd89-fdf3bceb41d1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }