{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2cec5b70-0c58-5d0b-8ecc-62cc2d9cd58e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b320f847-4b13-5581-b640-b370910c92f6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12b42e3a-332a-5d72-a664-3bb739dd21fa", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68023245-d02a-5bb4-a95d-2694f7f6f074", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0463020-add6-50ef-b180-7a683b63500c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe659784-c4d7-5143-8cbb-6a0298b57003", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddddad11-d058-5b7d-bd26-3c9a588b3ae9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1d124dc-fb04-53c2-87b1-b11ed5c31003", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4004c6c-56c4-5854-9515-583be0ab47cf", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d868c4c8-2c41-5102-84e3-b42da9354f53", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b8845be-230c-51e0-b887-836bf1fdd7b5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e605ebd1-25af-5c90-9ec7-985a4d629a1a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b7429ec-04e7-598c-9997-0c7b94ff89da", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9e1844f-05a3-5ec8-8a75-4362814fdabf", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79260670-e59a-5427-81cd-6f39d61b2082", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75706a14-55b1-5485-b831-c257d173aac6", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7465d5c7-3523-5a1a-9615-7ba40a5190d5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bae26385-8bdb-5955-80f2-5a8552c71ca0", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f2a46e5-3694-536e-9317-e6bfe9eb36cb", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dac0ee6-56ae-500d-9372-8a9d4ee2abfb", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:844bfc37-73f4-52a6-abe0-ad5f73ee8d18", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18cc2e24-242a-5f60-90c7-42e5e6ee71b4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7355fdc-4d99-5a33-b12a-42830fcebd19", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff2d813a-0637-5533-a548-871122b374a9", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb9b27e9-35c7-5eb4-ac71-9923369463e1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47a41de8-17ea-5c13-9968-48eecbc4b563", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bedbe228-e570-527e-8b41-8bec8d0d5574", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:320a2ed9-94f4-5ed5-8535-7fa6087779ad", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f892f46-5f26-5852-95d0-aed17d55f3c7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6db780f1-84c8-5001-9b99-eddf9135b0d2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff2108a5-14cf-536f-8578-5580437cba0a", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b90688a2-9d29-5780-b422-95f3986152b3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4864588-406b-55b4-9c99-24a7fd529519", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e903feb-fb6d-56f4-aa57-03488b61a163", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f94053c3-d579-5da1-8033-7e3b40255481", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a3e80ed-101c-59cf-ae15-cd4ed3c7bc9f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc3a5efe-c89f-5ae7-a48b-d8b870a28a4f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a13885c7-6496-523c-933b-0c0b0a1b52b7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.27.tuxcare.1" } ] }