{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:389b1dfc-413c-578e-9959-eb0d396edeca", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3c2673bd-bed1-5057-8556-2cc096341ef0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05a48326-36f7-53c9-9db9-aa4847f82c66", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9eea7e5-e3ef-57e8-9e84-0b05e3b34c47", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c8119bd-af70-53ee-826a-9b22ffd1d889", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb3a5c0d-511a-53b4-b107-b42903ff5496", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d79ee4c-918e-5bac-82d8-636baa35484b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fb110d2-f384-5166-b688-be90a6d8adf5", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d180e881-c085-5187-ba92-da1bed0d8b8f", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9bdc32b-aff7-5ae1-b0af-77c439d2c5d8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e11a7be3-ca26-5f4f-9cbf-745b74d7ed5a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a54afb45-23a2-5afb-a66c-75c9f5048002", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74495921-0df3-56ee-a0a2-1c1fbf05a7ba", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69d66284-7a21-544f-aa65-fa76fa1c72c4", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef20a903-2a82-5a68-9571-77550ec52e36", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40e2d2d6-273d-5b85-82d3-14d416fce1f2", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c498ea9-b2de-5a58-9f6c-1b357e249fa8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f519f5c2-1f08-5fc6-8e36-ce3d30a97638", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8409c16c-0a82-5a95-ae17-9c66cbc7332b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78c1a0b9-020b-57ea-8891-32be99c9b39f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1716e890-f2d1-5ca4-8642-2228e5acee3d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17ef9ca8-dcc7-5681-bc8d-43fe2a5c647b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84876363-5917-5362-b400-7c211c24106c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e62d52d-22b6-5abb-8b47-72bf49352439", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c13d358-8e1f-58eb-9d91-4ea5410495a0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83135bf2-20e0-5fb1-92a9-20f55f6cdf80", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f93b2772-d286-56cc-8286-cf534e9dbd7e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69f5cff7-6271-5c86-a60a-93bb011a1614", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0bdb87df-6f22-5307-b5ec-8f6d1873c037", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10a4a982-ff8c-528a-94ea-d8cad044de0a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1aff7963-4c3b-5573-ae34-ecc087130efe", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1808e01-4904-5137-8403-fc4d7478ff57", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f534f18c-c074-5049-a270-ba3c19d6701f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fab9c50d-c3ab-5ded-892b-90092308a463", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5870aa31-538d-581b-bc62-f0860c7b1b80", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:131ab331-3fb7-53c0-9b1c-a6aa3caa3e9e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64753d8c-600f-5342-904a-c8a122cdf03f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc424472-a8f5-5556-b561-898016c76930", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.27.tuxcare.1" } ] }