{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cada2192-5f16-52ad-ad1e-60a19dc4245f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:70c2436c-4c5f-524c-96c1-4d07b303271d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:794cd79d-174a-5095-8469-134c68b9ca3c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f38f9764-7834-5959-a8f9-26ff9505d1ee", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:006d64a5-9eb9-5e26-a48b-50ba288e9e55", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:47ab3336-21a2-583d-94be-850fa29bb8b3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2c37cd55-9cc5-5911-876e-36fb0508cec5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:53e6436c-4251-5d85-a478-94af51a328ad", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5c730cf3-041c-523c-a8fb-bd35808c5d7d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:086bc163-254d-5683-80c4-5c7bc8c71317", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:742fd6bc-bc9d-5068-aa5f-aa3179cb5fdd", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cf12b0af-5d34-564c-a93e-bc181192b357", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3d1293eb-6182-590c-ae88-ca53ffb2f58b", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6324e222-f76b-51d5-9c5c-e3e4806cfb42", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b38522cd-2eec-56bf-9bde-41fa1eff2d6d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a44a02b1-0ead-517b-b1b1-2989e9263300", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:12eb97c5-2af5-5a2e-a9ff-3f0cf6ca1d82", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:27dcdc6f-eda5-50c9-bc1a-3ec9d065e52a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6e711ac7-be58-56b6-b1a0-7f6a0af9fd67", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3a0cca53-1d07-5f53-b0f4-891a354d15b0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13ced5eb-2439-551e-839a-d7c819d59e07", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:702564aa-d1f9-5183-985d-014e3ceb90bb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:46ed0e45-213a-5032-89d7-bf9b748eeb20", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:355b5985-5433-5f0f-8c9a-706276c84fea", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ab0d0dd1-a8f3-58a0-ba47-7665cc633dfc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bab1a709-6c3b-5ede-b4a8-80dea60454d8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1e8043ef-9aa8-5d5c-a69a-9f825ee29cd1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ce16cfd8-b39d-5602-ad89-26375befd1bf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4e726a24-9eb3-5380-abf9-ed3273ed7e0e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e72a5276-936c-5a1e-9b26-a57bd2329b08", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:225beed6-1e8c-514a-a332-14275538fb5a", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3c184bf-7f0e-5f24-9dd5-c8cf8068f605", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a48f1d64-f680-5bb8-9c95-7bc289af1941", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d6a5cad8-0467-59c7-ad47-46ddf8c6e25e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:27f8db60-f33f-5964-9847-6431e643b300", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4fb93400-4b7d-5eea-868a-2adb881156b8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:48b7188e-f0ca-52bf-abd8-d99a120eef8f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e2a089c6-70b7-5306-bb22-58f6b459aabe", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27-tuxcare.5" } ] }