{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:15f6fe88-1bac-5c3d-9212-1e60140ca851", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.39-tuxcare.10", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7454ac98-157e-533d-a819-9062e00256af", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:cf91e951-fde3-5763-a898-770a341d902f", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:4495f136-9132-5c13-9a41-83f88b134a26", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:9307602f-a336-5431-b945-80ec7d03373b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ea17dbeb-bad6-5ff0-aa51-84e70ca0402d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:15350bde-aaf0-5dde-aa4a-37850e894ecd", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b91d83cb-0ece-5210-ab5c-a043c93c0a93", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5226bff5-9f2f-57a4-ae5b-24e2e774a451", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.39-tuxcare.10." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5a7b94a3-03a4-574d-bef1-4cc62a14c8c6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:398f70c9-24a2-5ee3-8d27-09dbd1a14ad2", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:209e2e08-593a-597f-b77e-3c83aae3bb74", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:80abad97-a558-5d29-a6de-67fb30abdf34", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d294efe8-5e36-5d08-8ea9-60102df6ede5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:e2944e6c-64a1-5337-84f8-df95bed3f2af", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:62d9b247-804e-5c8c-a4e1-85f357b4bb13", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:9632d5f2-b198-5443-ae18-6ebc1d2716bc", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:74b9daa7-2b7c-5b07-a1fc-f13edd65b021", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3062d7b3-13ef-5073-9b8c-eecf8ae119d7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1c6180ab-fa99-553d-a446-2fcd9319abfa", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5582da79-8b26-56e0-84c9-fbf8add5f40a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:82794516-4ab0-5540-90d2-44db8cdeaef0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c703ccb4-d9f4-507d-a2f9-a582016fe1c9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3fca6f96-b2c9-5d84-9770-d00742bc4bea", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:52404f0d-4ed6-5281-b507-592f2532a3c4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:e82392b7-e701-5c53-86b7-b19aba69d8e6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ee2fb5b5-51b5-54f7-9dbd-ddb4beb3e226", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:8ae6f8a5-fe12-5e3f-8f32-bf0e9b8ce394", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:10839bb6-1446-54b0-9093-dce8bd4cf002", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:83ea8490-4850-5118-80a0-3e4956468421", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c61eb818-5d55-5c70-b8dd-84ad4ba65857", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:9164bca8-b9c2-5f6d-97c0-07534974ca21", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:31885206-bd84-5d79-baf5-6545596de7a3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c79d9c5e-8c5d-5454-b46a-fb833f94051e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.10 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.10" } ] }