{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:97f977b5-40d1-545a-ba52-6661f5612a97", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3116fdb4-f634-50b5-93ab-1a0583c8e85b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7291df18-2197-58bc-8a2f-fa18ffa3e8e3", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:195417c6-456b-513f-ad68-58a48c5accbf", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6cc1b697-0bc0-5c48-aa54-51567d7669bd", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:710df99a-be93-5ec3-97a7-954b48de2dc2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b46d0b53-d466-54fd-9ca9-1de3b4248c6a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:291f0c7b-c6cd-5c65-8ecb-1bc18010a679", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:055d534c-d9b5-5793-85bd-87e79060cea3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:695b790f-e42b-54ef-b237-cd0d0b7e3463", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25dd0255-9001-59ba-a891-62de5d567df0", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d93e4cc7-a43c-5ef4-882b-f8ac0af1808a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a6918910-56dd-5479-971b-7d1464762a04", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1abbba12-6eb1-5dd8-9731-74b238a5f856", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0f3e9207-935a-5b8f-a542-8af64472a4f6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2c147c40-34eb-5771-860d-428c4ff00d40", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:04e1998f-4473-5cb1-8b07-4b189db300f8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3e5cf08-6163-547d-b771-09d1e4384e64", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:545fda0c-4faf-5b0e-ac4e-d6324de90509", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2cdf9699-bd7d-5f69-a5fd-48be3e6da9f6", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fef85a05-b320-52e9-b9a6-bd303e376285", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d56ba55d-6048-5521-9013-7461fa57a305", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2750ee01-4aab-5c04-bd00-412e50d85448", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:85fb8d7d-fa43-56e8-b98f-a00f61bbfae8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f4644c6a-03ab-541e-aee8-c6c3811d5847", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:389c4701-19e2-5c62-968e-59ae97b9070e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:39bdc099-5b06-563a-b970-9ff3e717a284", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d89f6946-114e-57f2-820f-ed590ffe2862", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d65a0a46-48f4-5e45-9cc5-8bdf807a8a3e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b33fc3bd-fd4a-5035-918f-60e74608dcc6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9cd42d6c-ae4f-5bcb-a79b-aa2222fad1f1", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ae37de8f-d27e-52c6-b64f-22c049bb7087", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e35a02f6-6679-5ea7-ba44-7dbd2d0ae8c4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2d53845f-1132-52ff-9f55-54433277725b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:023a4148-f667-5fa2-8d6e-66b704ccbf93", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:28ed1cd1-cad4-5b35-af2c-4f9c047bb6e8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:96cd4ec7-3902-5016-977c-c741db36a4c4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2f71d282-735b-5e31-9a03-6aaa7927d640", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27-tuxcare.5" } ] }