{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fc043f95-71cf-5f38-bbcd-22f76e0e44c1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ac81fb58-294a-55fc-95f6-f6a976ec3613", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45d4c4be-9d54-5a3f-b127-1969a772cb96", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76322fb4-0e03-5f49-b91d-2f39e0f9a4b3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b69e5d1e-ee08-5a5e-a802-2809790c09ac", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e533c48-e38c-584c-bd1f-127d7e1b4bb0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:559a43f6-e8a7-5ece-8ec6-5fb5b02421de", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a2e5488-6f76-5286-8a64-d8aa63d3ec45", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ad8b26b-23a0-50bd-b16c-df87baafa8c7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9247aa3f-2b4d-567d-a352-5bc8690bacc6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03a9a262-57a4-5011-bb10-65723b10289b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab390f27-bf34-5569-86bc-ec1d4fa7d9a6", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:292be4db-dcda-553c-9473-9b23b44e82d1", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c17365eb-6968-5078-b1de-8fa6177bfd3e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:067729ff-a2a2-51e5-ab6d-771e152f86a9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08f6ff2d-8b21-53f7-865e-e03d710efab3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a3d86d9-ed89-56cd-8d4a-ca85961d2ce1", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2363434c-b743-5ab4-95e6-d67457d7431c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56fedeb9-9b1e-5b5c-8593-000479d7e62b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d64957d5-477b-5139-9743-1c4b773abcfc", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:674e393f-22a6-55f6-8273-78e0db43b33c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4898f4b-9d02-5c2e-b024-dcf01a92676c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c06d8cf8-753e-5af4-9cbb-4e11dcf5c7d6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f6d04e5-771d-56b8-8bb6-8b80be035553", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61b9f8aa-acda-5328-9854-5415676ee6ee", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20c6b059-d945-5b46-be4c-41940a818d75", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:776fc992-2544-5f53-8b86-667176fcc21e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:86411c9d-8b72-5f40-8622-d34dd2d35799", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aae16d5c-50dd-5713-89a0-a49b855dd7c3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d338f347-9078-521d-ba07-b3a3bdf10bc7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:52881255-08e5-5fbb-a659-41dc40953a0b", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5599eb0-2472-5780-ac68-4ab3910e4f07", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:634ffc42-f5b5-5a0b-b2f2-190d10253657", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3774797e-5084-571a-85b5-19f27852c934", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40687d1b-3165-5530-8188-c5bf32fad93c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b56ba8f-6dc6-5b73-a68b-a8be80fbffe3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e9e75f9-80f2-5f00-b561-f1cad2df3fbd", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:102fe044-4cca-5506-b065-bec1d93577d7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.4" } ] }