{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6e480628-0721-5f3a-8a7e-093f734e4fff", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9dbc55b2-b9f1-518c-882f-c09e14688563", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:159f0cf2-b104-5a5e-9195-216aa2b5a66c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28db4658-7857-535e-a130-b0c8cfbc2a02", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89993ac5-4d89-50fb-b36a-e4f51b73a646", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47c02c0e-1881-576e-a071-4bb9b32990fd", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c8996aa-d465-51c4-8241-f9912a6aecad", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9da6b90e-7309-5c66-b638-764cd9e5c0de", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d64b155e-f9a2-59e2-93c7-1dd8630c6b78", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c2495d6-ec22-598c-ac66-350536455188", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2057c6a3-7518-5e64-aa44-a77cc3f2c5c2", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6686e04-3d8c-5805-a9ab-4d5e0a6ee01c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6eccb99b-6ad6-5200-8895-ea7378f2a4c0", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d53f743e-9873-53c9-be84-439ffbc2c68c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abb02c6d-b369-5300-ac54-896e2bb9cdff", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4578e81a-2981-51f4-91a2-a5535eac5315", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56df91a6-7716-5a00-9bf3-3636860a1bf9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b241b165-0959-558a-ac03-bba6bcd55133", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ed10f01-4492-526f-bdb0-0345207ad855", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7137394d-ff1a-5e3a-a72a-e4091e745c3d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7bbdc84-cc92-5cbf-a5f6-624fa8504baa", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd7240b0-50e1-532e-a3cc-c15049d73a6c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a09fe3f-a060-545f-a473-9306e8837f6e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e91d6f1-58c1-537f-9442-9adf8d3a7b69", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:176100a1-379c-5a9d-af96-0ed5cfa93655", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd2addbc-5dec-5ff9-9308-8c820823c029", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77ff6d4b-445b-5b09-b6ca-90e4fe530fd8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:012c7883-ea81-5e51-b22f-e4135c8dfa3a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b7d2159-c8ba-5e1e-8f1d-620e8c795f0a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:280024f1-547f-5826-802f-3646d0d27ba3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab569d31-f95f-5c19-9afd-78cfe0001231", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc3d1d19-fc59-5fea-838c-2a4c3556ef22", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d5f5e55-f86d-5b8e-a183-33f423e5f4cc", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d86802c0-59f1-5df0-9a48-20650e5d4b08", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8d73f52-0b27-5832-b3c8-82d6befb621c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:217944a6-c070-5f38-8321-aec9cc102d13", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:735ce783-e503-5c0b-885d-0b7f8f3f1925", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9a5e667-e3fd-50d5-851e-a1d6e226147b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.3" } ] }