{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:68840a26-c1b0-5dff-be6b-037c28911678", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.39.tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:da90d21c-2ad5-5aa9-80c1-35e1503cc762", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3fecba5d-2f50-50dc-b2ff-22943a361643", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d01da8bb-5849-5887-8670-ea55983fa824", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9dcd8670-68a2-5a6c-bc20-49e852ad6eaf", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f593f9d4-cdd9-5c21-a270-cdcd108c85bd", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f367158f-c940-50dd-901f-27803fa80fcf", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9322842d-0465-56fa-b9c6-7ab2989ee8f8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8cca2574-2a59-57b3-a14c-19c09e4c3533", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.39.tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:060e2e18-b839-5248-9482-99b7b9325652", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0101744a-5254-5351-a977-d55a8bb9744a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ae31c291-79f8-502c-a080-bc1ea6fd9bd6", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3e848094-7257-5195-905a-c93ee00d33ea", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dbf21b2d-7255-5d27-b9e6-82eec710f499", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:79d2124b-44ba-5e88-af55-7354105b9f4f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f01362a1-61cc-5d1c-8741-13eb62057458", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ebb7e11c-0d54-58d0-82e8-e8199d19eb97", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:778bd84f-23fb-5c54-bcdb-d7ae29d9ae4e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:34b9e6fa-00f3-5066-a2d1-d0813dffa1a9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9cb257d4-d766-5e79-93cc-232bb4cb4031", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8da4b20c-7143-573b-a7b4-c8e7b77b08e6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da197929-aaaa-5dd4-b36a-da3fd8d951cf", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ba073b3-c4ae-5383-8ef6-ceea3f75e083", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b0b5acf4-7206-5168-b95b-5de9a7fc645d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:40893719-43ab-5212-b648-fce2b80212b3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7e0b254d-aed8-5a61-a4fd-a79765705d06", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c8023a59-027e-5bfa-ba0e-c9678222dd30", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d33e8bb4-fb8c-587f-bbdd-110d3438b382", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:93a5b5b7-e932-5d9e-9609-c4ce888dc54a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ad8afe80-8ca4-54d7-89a1-04dd653bad05", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d1f1e8ed-e1c4-5647-9d2f-e7a5388cb118", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed3a893a-0bc3-5b08-b576-d7e4daaf4769", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:90f6517b-de1d-543a-a91d-4abef5ec6bf1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a40dd6f0-77c4-5506-90d1-f29a039f3d72", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }