{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:01022c37-ed70-527d-beba-02fd465d8121", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.27-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e3b28881-698e-5dc9-9346-611b9dbfe5aa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ab52161-c9a1-5317-97ed-171df48e99b2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34c030c4-188c-5eeb-9845-6ff986d0538b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36209041-7aa0-5afc-b1ff-6ae1b5b69111", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e85b7c83-9657-53ee-9cb5-f16308b1458d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f75eea83-c06f-56d5-8ad3-cc3c8dcb9894", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0da1941e-031b-5d7e-bc63-2bf651733ae4", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9253e808-37b9-50af-bec3-014f15f785fe", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00057f6b-10fa-5f3e-b0b6-f8f7b0c80bf6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56f08111-ee67-5cc0-aab0-3e31e3a54997", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:062a4501-734d-522c-a5f3-dcd2a1e45aa5", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc17a561-e734-545a-b60a-ab25db26ec9f", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.27-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfe2b3f0-6465-5602-a1b5-a4990eec5db5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61e866a8-f3ee-5ea1-96fb-76f645f3a03c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:319e37d4-b4e7-5697-8692-6223980c4f64", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c9d3955-ea9f-5241-a049-02eed45c8c65", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8e7629a-e77c-5523-a964-613c6be8604c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa8e7618-e1c0-5c9c-918c-52d785502a92", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d76d60a4-f736-5802-939f-6a651b3bccfb", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59e08148-8ec4-5594-8f2f-9825589144dc", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31edef1d-56ef-5fab-861e-d6e975ac951d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cee40960-4583-5176-a08a-ff03cd9f99ad", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7bb6865-c074-5228-b0be-356359b9d472", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78da2568-41b4-5066-b8ef-96a6852ad20c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f63ca27c-c6b7-5f68-be15-865039e72381", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c3bf4c3-3e39-5a19-8dbb-356ee9f35dbc", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18369c43-d3bf-5f59-8fda-79f0209c5ff6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b99065ae-513a-5c0d-906b-9467088031b5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbc53a69-976e-5a8a-9de3-ffbc1c74ddb1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec7f0129-5c63-590f-a627-a165a089d1b8", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f1985bb-082f-510e-a650-4c4969251eb3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5884a4f3-4916-57a0-8b0a-e517500c39e4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71a4cd1c-9535-57ab-851a-b7ce693158f2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:103a5d82-45d0-5fa2-a6b2-f4b0ccd8eb72", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5523f4c-7c3f-5371-8a72-a55dfcf408a7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd6939ac-7fbf-57ce-a14e-9fde59c166f6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8d21e96-3564-5800-bab5-04695e311824", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.2" } ] }