{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2c1d3dda-0af2-524d-92e6-31a3652a7c09", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.39-tuxcare.8", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cee309d4-781f-5fce-88bd-914274e95fa6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0003ffee-fa41-5e40-b23e-dd5e3d2fcd72", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a6e00697-2038-59b0-823b-2167a7d350ac", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8b5b1052-31d5-570f-aba6-328647a5b0cb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:457434e6-f131-51bf-a111-e960e533c598", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d346a081-3038-5e70-babb-f2f8d8a3aec1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d8bc275b-e926-54d2-9de3-4e15a5e72b7e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ca49166e-4561-5319-8a14-c884ed2ac020", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.39-tuxcare.8." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3ddef4d9-80a9-54b6-b92a-a8943ac6ae78", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1745969e-c379-577a-b784-82a138d2b55e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:28b20be8-8552-5be0-90ce-84fd16702e51", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e0b93401-600e-58fe-b81c-74d53e0c6c13", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3ae3479e-0f46-5751-9f2c-0bb07696d296", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:198e3ba7-5518-58ac-b9c5-0e9e4a6c3b33", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:efa54713-927f-5255-9abe-89bc7c0d1db7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8d2db37e-8e82-597f-b339-b8aebf4e63ca", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:2e243e49-c023-5334-86f3-bfec464cecc3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b5c709af-aac9-54e1-bdef-b1f122d7c508", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e0ce8775-8fb9-555f-bbaf-0e825aba7997", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:90ed9d78-8be3-5f5a-a7cb-b3dad124f728", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:9d184957-414c-50e8-9e20-6bf947e588c2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6a204191-0d70-57c1-b08e-9181c009412a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6163fbb9-2f96-5260-b931-bd18531798c9", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:71567e10-e253-55a2-8661-9c2e56f33123", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ef4d9cab-718b-5f61-ac4d-796a7cb8b3e6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:85b00090-6acd-5cd1-b9a2-70202278dad0", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:84877bac-1427-54c4-958b-01fa01265793", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:53cc8a7c-b957-5ec0-ac9e-3a236fc4027f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4998e257-0625-5a36-b937-95d1b7d0f9ab", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1fa6dcc8-c008-5fbb-922e-66e210381e6f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6792a230-1d17-52bb-80e2-d09386f89ef7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:05736e88-2971-5701-b232-247827731b3d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5d197eac-553b-57a2-a99b-639ea0af4480", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.8" } ] }