{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5e5d396e-93af-5d5b-8c93-12105242c1ee", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cb3d355d-4ef5-5170-8d54-04f1b6e5efd7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5a5726ef-f3f5-5436-bbed-6f7372b399d6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ca56f212-3f23-5194-a8ac-d1bc99cb26cd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:69418b7a-f137-5fac-83d5-a920e61182e6", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d3579399-53fc-5a95-b247-d3a6f92b8395", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a419d85-75ff-5415-a025-87d37fd022fc", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b58ee5ce-0f24-5053-8ddf-6e9c400a1daa", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7ba1171d-306e-58d9-a0e5-43fe5af564ca", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9383c097-3ed1-57ea-965e-930832777a70", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7c0c958-ddf1-58f0-b02a-47fc55e9455a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6c714184-ba97-5117-afbb-1484ba2f3fa9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ffbd31ca-37bd-51a1-97ff-00e9df753a42", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3b5d1c95-c80f-57b5-8606-5a0dbe7b19ce", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8a03130d-d31d-5d52-bd27-8e471c41eb56", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fcd0af93-5e9b-595b-bd13-588554c9f025", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:11167ef2-203e-5355-a819-439a4fc8a5ed", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:09eaaa5d-7bab-563b-82f8-93f6ccef9401", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a693587-6b59-5ffa-be3f-10747e437b4b", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0cf2e201-2315-5f45-97f8-8bdb4400bf45", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a01882c7-610b-5cbc-8f71-54e0d96d86b1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:557e7b7d-23d3-57ed-b524-a0b819cf75d9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fd352ded-9f3c-529d-81a5-a844a0cd91f7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d97ee82-3a2a-53e8-b3db-3f331db0ceef", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ceb4d6d9-af2b-5a79-a275-a32c65d8e2f0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:38baf43b-8606-535f-8860-67de0d659618", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:147e2205-252a-5d35-bc94-a8fbb7e6eb14", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f5c1cd84-e214-5613-8781-025d5863d32b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1a5a8dbd-0cdf-53a7-ac25-97712a357377", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d9974fef-6224-5f6a-8ba8-48dfa746c16c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fda898fd-f4b5-584d-8da2-e1c1019c1e56", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:47090e78-98a4-5193-9948-c20101a25f07", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:655c9f79-e2fc-577f-bc80-01bd5f38d805", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b20f2c61-6bec-5bcd-9348-9d331d2578aa", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7377f58-5fbb-536a-ab87-cc516672cdff", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:94a58d97-1ea5-512a-9f3d-d828662e142b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:afb4ac77-cdc3-5814-bcc6-525c7cb7f2d0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1a3628c6-c484-5952-aa2f-4f4ad1301b09", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27-tuxcare.5" } ] }