{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:03df0786-a16f-54ff-8530-4549eacf10aa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fb893950-9d8b-5a25-9128-5ed956e06e10", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:eed15d1e-09d7-50a7-885a-54ed98c8f453", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:01c5f09c-6dff-5836-ace2-aae231405960", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:95ff2d69-c0d0-5138-a7c7-a0ed4beadac1", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9152efaf-503b-550c-afdb-2f33d1723761", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5114b89f-340d-57ae-a5dc-8ea25a86f340", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:016a9db7-9639-5978-a4a6-f752e8949d73", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5a229b3e-486f-53be-bdaa-24db1f0d052d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c5cb915f-d03c-5739-acca-5affbf102a7e", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:059773db-a1a9-555c-a5c3-c1608f6b6165", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0a170a46-25e9-5bab-b2ea-5bca879152fc", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6c7040da-5a77-5a13-9f2f-bc1af5b003d3", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:60e8ec20-3c35-587c-86da-28328147f79f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f17f311f-48dd-5630-a913-57c1b9c3a1da", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f6f3d4af-7745-59b1-94a4-466f7552ef14", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:95808788-0176-58e5-a2f8-39c2a074aa77", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c392d799-a574-5ad4-8235-7d482a1e6657", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d3f25290-4a4e-5fe3-8230-45a1563e845c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:982e4103-deed-5ec1-bcd7-ca5d6370eb99", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:77216435-ce0b-57c0-9e4d-158d4bb9a5e4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0d3d5c1d-8cff-5650-a8b8-84a3ce7e7bc9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6dde2e25-d7e8-5c90-b098-0715cb94a8fe", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d4e532fa-6aa4-5365-8b70-72a507e7e138", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d3433c5f-e6a0-5565-a54e-afc6e1376418", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ceb83b37-3e2c-5bc3-98f3-ed710d39e34c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5233dfe0-23f6-547a-9203-ac9901217673", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:760dd524-deea-5b5a-ac74-fb531f6a11aa", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b022821b-cfd7-541c-8e16-23f398d26a72", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9833cc8b-b5c8-5bca-acfd-174a35c0a73e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:044bf54c-db30-5d32-910d-ebb04ea12036", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2fdc2c65-68c1-5f36-8896-63a2cb3c7611", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ddb5a0f3-edaa-52cf-bda8-1b4c5a96ca19", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a8accc5b-ef65-5858-9545-10e2da728eb2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1223237e-de61-543a-9924-b569da7355a9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b9ef70bc-13df-5097-b97e-f3577c69e4a1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:123d565c-5b08-5ae7-8b7c-83fedc27b535", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:443b276b-063b-5e62-87b1-6ca8244f1ab6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31.tuxcare" } ] }