{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a7979a9b-b8b6-50dd-81b0-cb2ea71a309c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3050a5cb-158a-5b80-a665-5f5da9590958", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d0325e0-1450-5ba2-81fc-9ded2d6c6c77", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9e0cae1-6eb2-51cf-afa7-b8da4c760592", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de34735c-ae41-5890-8fbe-9a443ba9f6bd", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86c2922c-f825-5a0c-accc-7569a7bd7a1e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e70514e-f7fa-5938-9e8f-9dcd35d0087b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e590f7a-d891-5a12-b9f0-93d608f72999", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3453613e-fd5a-5378-ab52-5db4784ef684", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53a300e8-0655-5fc0-8233-20a98dfdc6da", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15f9cff8-f8bc-5f35-b9dc-56fcb66bc018", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56fa45b0-63f7-57a6-99d3-47516147b57d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34b43647-2fd6-5e51-a659-341f568b6b86", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47148df0-e3c8-5a36-96f5-7e6d597aa31a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94508e8a-1f50-51fd-a705-1c494469ecbb", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6159f21-780e-5ca7-8338-b71549ed80bd", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7f1af23-c28a-5e2f-91cf-85416babd428", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ffd1bda-afc5-5370-8ef3-b92346046db4", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6c56163-3383-5110-9bec-5100c493c5c4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:703008dd-1df3-5880-b3e8-5ff9c55f7dca", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8864dde5-b403-5316-89f2-50bddc44b62f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ab4addc-a74e-55ed-a08a-eb183d4ca227", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2caeab80-129d-5a87-a3fd-ee6d3ec71d3e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01876c79-90fb-5486-8d88-ccca3afef762", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99fc36c0-5611-5a87-a832-53043172cce3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a22e6875-ea82-589e-80ed-9a57884ce4f2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b5b212f-a355-5e34-98c9-c9732539e820", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b043ef40-0086-51d1-aab6-07afc273f2cb", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:318f4444-1831-545f-9ca8-0545e4ee0d6a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb0b70d2-a92e-54f2-8dad-ecdc3de56f1d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:299d0d38-02bf-5ef1-aacf-048f016eb0e4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53d6e151-4b49-5afe-83bd-f6e2c86ff6d6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56880f36-e131-56b5-8215-7baf1f3b5f49", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33b38654-c8ca-5b0a-a237-1255bda066cd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07034427-5375-5ef8-9321-a41fe3efcdf6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36ac9ec0-00a2-51d6-b641-313b919e487a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f086369-3f09-59bf-986b-0d19f4cde0e2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6611723d-126f-5d38-901d-adcad80c7521", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.29-tuxcare.3" } ] }