{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c4ed1b0a-0513-537a-8bdb-23b3c41c8bd9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7d610e02-191a-5ea6-9278-f5a082f7614a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19a378b4-26f8-5bfa-8346-94558e12641a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26641036-dc6f-5bb2-93b1-11069ce19296", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb84db54-65e7-54a7-a5a3-7a6a71df36d9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:889c1b7e-ca2e-53dd-a72d-20b97217e416", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:439c0580-d539-50a8-bd6d-558a23b16a6d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:615754fa-13d4-5538-880e-cfaced301866", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11bf951a-bfb6-5ce0-a483-4710893f0b3a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:348f675e-7c94-57a5-9735-ad0978eff3b6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9437d40-2810-5adb-af10-8b1b32ebb4bc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:353794a0-da94-5bdd-9bdb-39e519992c21", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2c61495-b387-52d7-8425-00c539479be7", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5dbf8a2-5dcf-536f-9e0d-1c5a45e2a77a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32af4c4a-1cdd-50b4-9a0d-26ffcb9739d9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe9c6f84-582b-5ba9-992b-15a953f34a22", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:264ea9ef-aa2b-5628-bfa5-d07bb9015548", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af889b21-55b8-5c48-bfba-d9bc530ed8c2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:314cbd2d-4e70-5c6a-9483-ecf300ad93b5", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a26ea67-4efa-5cce-853c-b7fc46629e30", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d395032-e7e7-55a0-935c-432651678799", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c80e8e23-18c0-57b2-bf90-2ba238ea3ea3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44ce7622-ed7d-5995-94cb-bc09903de839", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83a080c4-330b-571d-b2e7-28604bb1dbf0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b552e42-9729-5fc1-a665-bcb967d74bfe", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72c76597-65a1-5708-a04a-8a2089f19ab1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d171a3d-bced-5a2f-9c0c-4bdbf63d49b0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a838158-6c5a-5397-9cd0-2d8e3dea039c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39e6b798-2526-5c53-a464-a38c7b13a55c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ee77560-3bcd-5b2c-a120-99d3f781a566", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab1b13c9-2608-5513-94a3-3f693b0ef469", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97b7acff-aefd-5669-8e26-25e3b1a38f34", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c1a15c9-e629-51b9-8256-64e4000a5aa6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b560b570-dcfc-5380-ade5-c765060d5c2b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c2136ac-3765-5188-bce9-b879d6d79384", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82375df9-fe5d-578f-b312-04dbb16e6ddc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14e6ac3d-bc31-594d-a899-f7a68d3bc054", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdf0f381-75c7-5b04-b08b-192b50cf8fe5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.1" } ] }