{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b4023d3a-3a2b-5094-a39e-6a6a6fde946a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2900bf34-0fec-5167-84d0-e77ba49427ac", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:da9588ca-843c-5897-bc1d-bc84805e0180", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ed8c211-3343-5e47-95a8-2299fb41a165", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:669f226d-4bf4-5370-9066-b3e40c94291a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5ad027a-509e-570f-a217-9a1517f4360b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0773f81-9560-518f-a218-b12fb7d0a62d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6d7b056-db1c-5711-8f98-d02a7d783300", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:018b05f2-2611-5d1a-8ac5-310d4950dc26", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3651c187-0786-5e95-b6a0-04de19921a59", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fcecbb90-2f40-5289-b31f-25449aeff6ad", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0793bda7-4713-5b72-86f6-ac769ec7b291", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2025339-1340-597b-90a4-116f7280e9f0", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:520689be-d006-5236-9511-7fa9069a8a16", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2c53517-e8a9-5d46-b48b-a66047ea31ba", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49251fb3-0fa9-5b85-b371-ec114ffc2a93", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5b746f2e-8cc7-5ba9-b800-a6888eb64e7f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0683537-c4c5-525f-8068-b7f121a6a63c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd32dea5-835a-5e68-95b8-be21bd438b4d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16822a12-d12b-5ccd-b9da-96b5fa4c5574", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26e97c1b-046e-5838-92d5-3dab39baabcd", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91c6e80b-3092-56cd-be4c-06ab424c2942", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff816ad3-206e-5fe4-b84f-5a88b7ac9876", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f879eb2d-e076-51a7-8f31-fdce980e9e7e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f5d6c8a-1060-534a-beb7-530f1481fcd0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5bd683d6-460a-5bc5-ae5b-04c952e8a9b6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c967dee0-dab8-5e91-883b-90a4612910ed", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:acea9226-8d90-51b9-acb1-5d65e4a6d7c4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c3850b0-f51c-52e6-886a-b63333096de7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5661d816-df84-5e24-b265-79598e05019c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:006a0de8-a87e-523e-9fd6-eb2b8daf6442", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f2cad75-9b63-5b3a-9e2e-7d760552354d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8373990-3e89-5e4c-a30e-d477c477f3b1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cdc742fd-4b1e-5d02-862d-8e2ad1ab9487", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b11bd596-bdc7-52e5-8334-1f9a0403b682", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a3d20b9-af55-5550-b336-887b04da106f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dec39399-14ba-549a-bb03-2e52a6b75bf0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f1002b54-6f34-5fd3-b945-572e73ea5a58", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.4" } ] }