{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ccd18de9-bea9-54e3-86e8-dcb31cf68344", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ed490290-ef5d-5c81-9795-4a85a8feb921", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:336680b3-0753-50e0-b91b-150b411e8057", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a6cc78e-406b-5071-9fd8-c1239bd9e705", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46703c11-b0df-5809-80f1-9f3400d9cc23", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8acab7df-61b4-57b6-b8ce-0d14275b43f1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d00c4922-b425-5819-86a9-1ce267c86f4a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7de051e9-d1ce-5434-a381-ac827b476679", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb15d153-8a38-545d-8119-b278b0a2a95c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3e4c3ab-68ab-5ece-accf-cfa8316a5cba", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26e182c6-0974-5f58-8c7b-f29cf703d8c7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48072818-d069-5fc6-baca-3de7decc0010", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74d83a1c-2e83-5f1b-a546-a8056db50bf3", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51dd9ac7-b315-56b3-905a-b58ec4acbabe", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78ec9e53-f33c-57bd-82e1-381aa2aa4168", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:109eed4c-6493-59f3-bade-8d26d0fc7245", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7db36657-71f0-5f03-b8ef-f68e7a1b47ff", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf08bc2b-2301-5b9e-aa3d-e44da0ec635b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b19544cf-e5cd-5ba7-947a-0a90578d70e9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:180441eb-4a0b-5daa-8fdd-0f247302c03d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0def5fef-0923-5d8e-8be4-bac641446b1f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abe3903e-356a-5aa4-aeaf-8469f4bb5fc7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f963558-fe44-5597-8f1d-d3b58024a8e6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b428660-b25c-5553-ba48-2bfc50957cc8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e67fb24a-ddbb-5a74-abdd-fe5cdfef7571", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cc4430d-8525-5ac8-9a45-31e9869146b7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17419a4e-39e4-5349-8721-63f2dc3dfac7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75498d0d-b42b-5408-9c2c-4b1ccd4e9d62", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec9f5f98-887f-5075-a703-98c156b1fc36", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4027ff1-b1a0-5c66-a8cb-f7ea6d51813d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe2f2ff3-4f62-5edc-aded-38dec0c4db5d", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77d59e38-0622-560d-a5b6-c6baec8ac7c0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26b419fc-1cb8-5767-8f02-032dcfbfcfb7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95ec1076-e521-50ed-bb43-39112069d173", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0acc73c9-10d8-5f06-a61f-7a3dec3bc0d4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:deb0aea0-a458-5265-b98c-71037d16dfc3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f98c1052-61d2-5efc-aa0b-5c0fb0a98017", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2c7d0e5-5e16-50d8-bc19-bb0b042b68b0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.27.tuxcare.1" } ] }