{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aa377dd8-5dc4-538a-bd02-b7a69fb8ff07", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:56cae2c7-cb28-56f2-b9f7-31848a411d62", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1cf944a7-07a0-53b9-a9de-54e62c305dce", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f701123f-8daa-5fb8-a91e-c81bdcedbefe", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8e148da1-7fca-5669-b1d3-cc6687183527", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ef1ad02-b872-5c81-9c15-1e0f2827e3b6", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ae15ee9f-8f05-50e8-8c90-210c0608b4b9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c0b4b600-5313-5f53-b987-3f8a88de2706", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d59a8728-6f97-523c-8bdb-6d9788c92e04", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f855de39-4bda-5afe-a065-5b8dbf416642", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:75fcb4f6-7732-5854-80bb-446cef3e9991", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7e716985-2854-5e4a-a627-b5415c2314b3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3cdfeecb-2b25-512b-a16e-a3ec48d39c02", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c00128c5-d29a-5f67-96b4-34855f0045f3", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:12848434-2ca4-5a9d-b691-0ee40249bf1a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:70420e28-5941-521b-8665-51a479d68666", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:989e4563-d504-56a3-8e1a-21fac4767dda", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d2bcbb33-2ab4-509d-a6ad-63376acc9e97", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a02889fd-a7a0-5d39-8778-d02774b85f97", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2fe8b670-817f-5931-8b21-84121493b59e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5ce4efaa-a1c8-5487-b0c5-c1deeb10e7a3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:31f551ea-32cc-57aa-a98b-285616f20470", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:26ea51d9-c21b-5225-8d36-c52b2299bc16", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a58de4e5-ce38-5172-9f07-1b75ecce8bbb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a774ec41-e38b-5fb3-8101-ca9435a3d29b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5650adf8-dc85-5145-a28b-c26c3c1f6b68", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:099fe19a-745c-52b2-a168-d7cdea1dcbd5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c7403044-2c35-509e-bb2d-de59e1919921", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ad67c8ef-2848-5d04-a77c-af463c3b9217", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0437c4f4-8812-55c1-ae1a-313760908de3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e2417b2d-8e23-560c-9966-755e14db7e6d", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:41113860-189a-58f7-a1ce-bfe0741b3509", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3a713924-8b97-5622-957a-3238673f875a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9fdab345-dc35-5bc4-ad39-a30c56395573", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3fda9583-8e58-5fb7-9134-ef263efa9e83", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36eaed08-9cca-552b-b3d8-24c2fc07e34e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:793d831c-0f80-531c-991b-7d0aa39e56da", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d776accf-0a1b-5355-9f22-3da5f189b384", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.27-tuxcare.5" } ] }