{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:37f1e0a5-7e30-5091-9a0e-a9edc9e195c3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7f1b22f4-7848-54f6-83b2-c5576ff2fe90", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fea16f5-39d0-5253-acef-c16ddd6f80a8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4e44b54-5582-5ddf-b432-962db2c8d69a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e0ab642-f716-5836-b23c-a3750e2f9477", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:878b27c7-ef29-59bb-beae-d2889bbd214b", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42f00833-2ada-50d3-9e89-b61deb7b996b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7562995-d88c-587b-b3f5-99ac7ee248d6", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c345557e-6966-5dff-8a8c-935378648743", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3216c679-8252-581e-b0c1-159db8389e1f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c93e886e-3549-571b-99ba-ddb4972572fb", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10f48712-9e9a-57ed-8d65-53c665b5a05d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62bcee61-b8e3-5869-b294-1eb924c9abd5", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24143328-e94d-51c4-ab1a-99ba590d8918", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec832ec7-74b0-5835-9c19-fa0c8e5083e6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36da90c2-349e-581a-8642-1d9a9229957a", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6708c05b-0f0b-5ec3-b4a1-054c5fe3a528", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60498f46-0a3c-57bf-9ab2-5b08d83bdfc6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c98a493-edac-5ee3-b758-3bb5db701e19", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2988bc1b-3306-5664-9520-11caff8caab8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8c91c73-1b75-5c40-95ae-090baac73e10", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc618d47-9bbc-5b5a-a1d5-6f2ff1d4e863", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69b97fab-a785-58a8-8759-3042a8d80be3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e580ecd9-cad7-55b9-9b96-3494010c0e60", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd1200c4-3fa1-5352-a75b-2f2e484b56c0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08ce3be8-4a2e-594c-9a58-97140ec04992", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee51084e-8344-5032-b738-9e8cda0a5b9e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a97302c-c6fc-5e8c-be1b-8e88a4a4207c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb75b2cd-09bd-5021-9223-c2461e6cf442", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f7341ee-a1f5-5374-9b4e-13ea24315bbc", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46841dbe-ea44-5916-aa8b-850e266efada", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ea9caf9-cb58-5c6b-a38a-7302c62189ba", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e322b9c-ee67-5d0d-bdc0-f15f1bca8236", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3637a74-75d2-5f8d-8a18-0a1126e481c7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52962e2e-3bae-5bec-b734-83846c6c7871", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c24c64a4-b328-5b74-b3f4-cf9c71792f4f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16ff6723-8d6b-572f-b51f-e5d0747b2b1d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06fe2c0f-6550-5b9e-9e5d-22ec41388e1c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.2" } ] }