{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a69a03f7-9954-5f17-8906-0e7c2b2db962", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.27-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:553562a6-73fb-5e28-9869-16818d38aba2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62043243-74a6-5f46-84c0-facb79adc154", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f145a75-76ee-516f-9062-94f2effb5f37", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a269cdd-14b2-5d50-b21f-e112113f5ce3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd9d4f30-574a-5182-802f-8f2d0e6fddae", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8163d250-3076-5175-8690-aeb187823020", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1a69443-b05e-5ad5-97d7-9ec5dd8ef9ba", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80e1a6ee-14e5-54e0-982e-4c1c30acf24d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:feb1dc10-e267-5d0e-9041-bf735af7f410", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fa83fc5-d669-5151-8d28-7929d23e098f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2867ea0-2f09-59df-b167-0b594537fa1a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44baec12-4d49-57ff-bc71-908b731d93ef", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.27-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e802887-fa3a-5132-b29e-d8999401f83a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a230b59-84a7-5633-a1d5-f55d586370e1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91466948-56ea-5186-a0ad-ddf9c2cc8f27", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a51867be-fac4-5543-8337-62c2c1d5ad3b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e362722-e58e-5243-a380-feb878e62211", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa3b9722-94cd-5a5c-95a6-dfab10988f6c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:027e5f00-3bc1-52c5-988d-b05dcaf1129e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57acb685-8160-57b4-89fb-9d89bc684e65", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22d5f1a4-ad29-5016-b023-41fea6ac9e75", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b735f688-d1bb-5395-a832-9c70d5bd249f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3e3bb58-2962-5a14-9a8f-8e874fb70aef", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2f9076c-59da-5bd2-bb0e-a62f99c8edff", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad78f005-b517-5cdf-8f1d-6ac5c01e1a22", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:245080b0-17e7-56e0-a807-0a476f971bf4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54b40224-57b3-5803-a003-02afb032cd46", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5687f4b9-8991-5e1a-86d2-73da24f277c5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34a487b2-c64f-5479-ad61-bc8a4143080e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef0126f4-1bad-56d4-97a8-9cde96f985ac", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c186696c-d270-539c-8736-cc1207d5a394", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4011b19-c136-5eaa-9844-d3527694feb7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47664a58-c43b-5d1b-9b95-019bbe728560", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00173c39-8cb5-50ae-8473-d69056a855df", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91466685-6bc8-596d-9ca5-3c8177c12ba8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5f9d2e5-3524-51bf-851d-dd81bd72984b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13011b56-931d-5832-83a2-c05eb86c6c2c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.2" } ] }