{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:adde43e7-4dc4-5c92-84ea-9eb01e44d8aa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e1f97a25-15a7-5692-bc3f-04e03b02dc80", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b527228d-19cb-51a3-8255-edcdbce23f34", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2c419d60-02f4-52da-9819-fc0199d46a16", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d2f52e12-56d9-5970-9d5c-4c7ec08951b9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:932df7db-b903-525b-bb78-e58ec298089f", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:33ebf75d-6a36-5a9c-a144-81dadb63d7e9", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:116550b4-1bc2-516f-afdf-d167227e7bbb", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d8764533-50fe-501e-94bc-663773f8fed7", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e9e21110-648e-5285-99a0-c8a71a2ba2a0", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5a5e759f-4ae3-5a61-8b4a-ab8f80ddb9ee", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1658aa29-7389-5e7f-b3be-c9b57b38ed68", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c58ab144-33f8-5230-96ba-78ae6fd4d425", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ea805dd6-7ca1-554b-b3e7-71763ac9d10d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0435a4ef-c021-5d8e-8e90-b58f770868c4", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:99cb68f1-36fa-5349-8282-20cb2a84bd98", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:42729e48-a5c6-588e-bea9-4567408c848e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9043391f-d5b9-50e4-9016-3c4ec1d9f819", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:dbc1ec9a-0f6f-5ceb-b0a9-e513fca19f88", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:93717933-65c6-5107-8642-ca04d8c6f892", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4b0665be-9f5c-5d49-a780-1344c3a75f87", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:093ad9c5-dcda-5adc-8946-19646d03ce66", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:728f915d-f19a-536a-911c-fc603430b45c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3ccc2c22-1b81-5713-ae2c-144e1e3beb9c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:88638130-c024-5eef-b952-3d07d39b72d4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:73bede59-cd47-5538-8396-6ef0557ea595", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c59320a4-e32e-5917-a4a7-f4b8b5274502", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:15cb100e-9422-50df-978a-a54dfeb2addd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b80718c8-4363-54d0-bd35-0a60228dcd0c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4760aa75-2758-5c83-9308-ac18e4ba2c77", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:778151ab-8b0b-52a5-a433-abda6b0396e9", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:97a2c3c5-c61d-5045-923f-b270485e3c80", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:84348ef1-047a-5f62-89ab-26706fb85450", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6150a68f-0955-594e-bf8f-3f43c161a4fa", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5b900c0b-f3b3-5e8c-93c4-b19c19c90ebb", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f0b670aa-5385-587d-8502-9043d6c7840d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:43b960a4-7122-5129-a8d5-212d4c7e5637", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0d57f6c9-38e2-5ad7-82bd-3d1abe1c79b4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31.tuxcare" } ] }