{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aa67d6a9-f499-5c6b-9b2b-4f70acad98e6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:89ae0116-da44-5662-805e-046d7b50e2fc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9d9af08-ecfa-5df1-b9a6-0fc6bc16066f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9b46611a-88bf-588d-a328-3ec66c772900", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02d70f0c-5387-5594-a2e4-a37802cb25e2", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9255422c-34c6-5d7c-9064-9a690c7e96c9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5da49d4f-a8b6-56c2-9770-8adfcd470237", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4871ae8-5dc3-500f-b310-426e4ca11bd5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff179730-e10a-55d5-ae11-de4a3525b189", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35e3905e-f083-57d5-a99d-63ae35b4b0b9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:914e33b4-b4a3-573b-bb14-55620d5d5704", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5d5ebef-91b4-5902-850c-c6941d911d21", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec91dce8-b98b-5ca6-bf0e-4c2c2cd3cb4f", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55c194f1-6513-5820-9354-2612a8b451b0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce32bca7-38da-5078-a747-9ea2ef1d419d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca42f0e3-a1dd-578a-a127-bf63eb8c4f97", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9fbc436-d9ca-508e-84fe-5c4942de1668", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02225e00-ef10-52e0-a714-887e22a99b4f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b487adf-fa46-51ae-bee1-8006ae1ef13a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:339118e2-936b-5491-aab3-1f9df849e5eb", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9092573c-5ad7-5f6d-b478-d89970053e2c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:519e77c0-714c-5f8b-9178-97985d972cef", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d732975-b0cb-5cca-aff1-983eca385b2f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a9d6dd3-ae26-5b74-9c2d-0e604ba23d86", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:823ddc59-6934-588c-a240-93893b1ee9d4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2872e21b-cd3d-5677-91d1-f0352c516963", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ca3fe19-428d-57c7-b2ef-8d428f4d4157", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5424ddf4-51f5-5f06-881c-05a24d16cfce", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ff34cfe-faa3-549e-a05e-12cbe137c08b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ccc9a90-0fe0-5c44-ac4e-950bf6119bff", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02e16e25-3df5-5f70-a754-3830aa759d5d", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d21d663a-0c4f-5f3f-93a0-9e2ce35b8562", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7b31371-037d-5e9a-93f4-5c76b8d0eaa1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4498184-0b57-5c9f-aea2-d7a7ea95d8cc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e84b6259-58d3-55eb-b70c-56f9f60bad88", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f71fc789-5dda-5581-8fc0-d3be89d3b5f0", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35e89dbf-793b-5b89-81b3-b31d9a1b3e3d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4ae8deb-e701-5577-95d8-e82748168cbf", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.3" } ] }