{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:18e3549a-36e1-575c-96c0-81aaf6872016", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:94b5e2a6-1d50-5634-a571-b5e1c67bfb92", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85a59bfb-3466-5127-9292-8f0525db8e5f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fd0f6b6-c464-529b-9d49-81503ca3b533", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d95a6ca-9a7d-52c0-adc2-86420604bc56", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddcb5807-8eb2-5534-8c71-092644068d80", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edf13c9d-cf52-5d01-8b94-21a2f3d91be1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed88261f-988a-5a2e-a3b2-3d77efb54783", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c52992b-7de9-58c5-adb8-7ca3085a6164", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b18a9b23-428f-591b-a8ee-1db3141b1801", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ead0a630-c392-5092-9ad8-78fceeb6d748", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc3a2387-70b1-5d7e-88be-22bdb18c1011", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0a23294-f55d-5f7c-b244-3f66ae032e27", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2b03a3e-ed05-50f1-8ca1-ece7b608a12d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0681f4c-a198-5c0e-8de9-96ed55b80fbc", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d7644b1-8a8c-5140-b887-dea1947f73c0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf169755-9b31-5f9a-83a6-7b392d7b2071", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c56af464-208c-5645-91e6-6c4df2ebeec4", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84f848b0-bf77-5b00-8ca6-9c57544744cd", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7c00137-bc91-5a29-bef0-43f0739af375", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2913971c-3719-5a9e-afdf-2ea78ba438dc", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74555c57-9dcb-5791-89d6-a07f856b1687", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e409752-e41e-5bac-94f9-2d8378378503", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ccbc5bc-e3c0-5e5e-bb88-fd12246598ca", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf034530-17d1-5ca2-8647-2c01dce8133e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a94ab731-6039-5c04-943c-22100e81bbca", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:367edb86-432c-563b-ba6b-8d6e55c15e22", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94249898-8ce7-5c78-ba4e-a2d5b961f0c1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f520dbfc-5196-5a8f-9f39-7b60c64b27a6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52ab7df9-0b71-5441-b555-5dd1b4e1069b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:657648ab-b48f-5017-afe0-83492010edd4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88bfe5fe-c0c7-5a04-8874-d7dfebdb83e1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c5229f0-7042-5c7f-86ff-40c69eb9d60c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2727473e-3ae7-55a3-84da-82c237005df1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f3dc40e-72d6-5c56-b148-c2197aa9f34b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:606a5593-d7bf-591c-b74b-b79493f9f6b1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a14d3fa-e2fe-5e5a-975d-f498a5548429", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9da734a8-4257-57f4-bb1a-08e2dd1c05c4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.1" } ] }