{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:96285b0e-09e6-534b-9810-4a51a931d752", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:15f08811-9b7c-56da-a172-f18c89ea0ea6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8261c482-ad09-5135-affd-6ac05b8828d0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97dfaef3-1c6b-59b6-b2b0-6fdd5d1dc423", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0365f8b3-7443-51da-a016-2cdd9f92dee5", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6be75b97-b1db-5555-9599-45098fbc3515", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45cf55fd-293c-55a4-bd19-29a141be2288", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd741e3b-14f8-5ddd-8484-4cd34b10f56c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3da1b3a-bffc-5a28-a075-309cd111e05b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a7c74f8-fe90-5f82-8be0-929b7c4320b3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:60cd5ad6-2ea6-545f-ac27-d425953fa53e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2877a378-dd39-5111-a223-e2b77bbecb65", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:733e8dd4-32b5-549a-aad8-d7ce3fb83754", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:af27e9fa-62d3-5e1e-8896-6aeac3a23a3d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2738472e-4701-593b-bbd2-c27956306603", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0f5915b-742c-5eec-85f4-42e716efef31", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:37096519-ac47-585c-a008-30c9d288356c", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6630653b-f92b-5918-8b59-2daf441c1751", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13afa246-1b9c-5184-8a62-6b43f544fbca", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b2ea9ce-25aa-5a14-a11a-55cb2ba91f65", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97e2c20f-a30a-5c81-8d5c-2fb8e7c6f5ef", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b6e344e7-13ff-5d15-a14f-50c5ecd42d5b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:12d9f45d-b387-5009-a971-fcfb3b2f010b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b14f1dc2-ef7d-59d8-b198-98be329e1753", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67a71cc7-8b9f-58ef-b0a0-9aa974f25258", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e48fc036-06b0-5025-b249-a215feb246e5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6cf718d-6eaa-5a38-808c-f20222bc2e2a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5abe6c83-4da8-56ac-aee0-f8487778103f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c94dda44-0a3c-5439-a849-54894d4584e8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40794832-1127-5373-b3fc-20b24277dfca", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9edc5426-fe0d-5f05-a1ff-daa483749478", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:715f71a8-de99-5eb5-a908-512233dc959e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3675b2a4-7db2-592c-8126-ad73ab2b60cc", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ac1b1e4-14df-5ad2-be89-5b583c74627c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bcbe931c-a516-5314-b9f6-b97d29b19242", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f7553a26-7d45-5a7f-85ef-58eeed10fa01", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a7d5b9b-c946-541c-94da-b56aa6647167", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:70fa2e88-13d3-543d-a47f-9522cd7dcbee", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.4" } ] }