{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1c46f98e-8a60-5814-98d2-119629ae9978", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:99978e4d-e9df-5fed-a681-9abf3e0d1bec", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:feba4f34-2234-5719-833f-1ed0d29f531f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b05e46ce-ed21-5dc8-84d7-ecb20d5a4fd7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1156ec3c-481f-5e9a-ae41-987c244f1380", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2813d95d-c9aa-5caa-8a3d-67740a5acce4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ef9389f-0c8a-53cc-aa67-cc3e08d238aa", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4ad4a0b-2f61-5107-a4ea-5ddc1c339023", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e225e6cf-ea0a-549a-8d8f-de35690f4098", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09f80c42-e478-5cf8-872e-126fb2b48716", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6391cf41-b4ae-5e70-a7ae-64a086b88c26", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97137771-88b8-5a49-a9bb-b0e735cb8ab7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1fac4451-eeb8-5185-8a13-bc1cbcaeea18", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2513a9f2-96a7-58c1-aa53-0f9e878f8b9d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9efc9d6f-7603-5b05-a4b5-94a561165e4a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5102719d-29cb-5f86-9d71-8a508c5be897", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:423e163d-58de-55f5-8ff0-a991e128e134", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44e5fd0c-fd87-5a5c-a75d-666aa6e4b047", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8868a81d-d6c3-58eb-9203-0521c7622d91", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a88af8c8-5d92-5648-996e-5a49a176c6ed", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c32c9135-44a7-5840-a7be-badc935cb21f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db879494-b3d4-5f81-965f-0a2e61651377", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47d04bd8-74bf-5102-946b-9874f0fd30a8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6696d74-5c1d-5205-a25f-5f58d5047ea6", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ca2d30c-a10b-56ed-9e40-1d56f67005f1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:afb5efaa-7190-58be-af9d-408d5c75cef0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5a9472f-f0ea-50ed-aaac-5e12dd5827db", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8326d56a-bfdc-5913-b447-91d7b590c2da", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d603b23-541c-5075-9b68-ed2d45becaf1", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa4f6c65-ebc5-58fc-8b74-aab8dc5867bb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3429ed1d-d4d4-59d8-a9ff-a8284fd7ce7f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be29dfc6-4aa7-50c1-9927-f7b7eddd873e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8eb5e556-81c4-5a2d-bdbf-bf16718f04e5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d304da5b-fe54-5314-abda-1d789058c797", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7330d7f2-2086-53c6-a4e8-dec5778abc9e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f3e01dea-ac2f-5d25-8841-3215ca8656b8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47d7462c-df03-585d-99ab-2b07c4b0203a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1812f5fc-276e-56ff-aa9c-45df6778c88b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.3" } ] }