{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:558a3844-56de-51e7-9a9e-d180b7d8aa46", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:27df0de7-19f0-5c65-9b5a-c337746d1f83", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:748d043d-4fa2-5429-aa63-be0e072ff88d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d7f74ded-96da-55d8-be63-8472c9b9bfa7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e0dc8a1f-4031-529a-b834-76799e482838", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:63986b17-a4de-53d0-9b99-1d8362cbcce8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:812fd433-1c09-516a-a572-a4966082a84e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cc289379-2c49-52be-8641-88620c2be2ed", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9f71660c-c4b1-5b0c-ba46-9ba203fc10f5", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b04d50a6-c061-5ba2-bab8-d2b4b8a8272b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:08819fae-d738-51ac-8519-0daf5cbe39ab", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f4e689f7-7c54-5d21-99fb-5faecd27805e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5004cc72-dac8-5fe7-b514-456edd968876", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bb624a8b-4807-51a4-ad7f-1fd9831e1f84", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:505a8cf0-e808-5249-9541-c3ad5986ad3c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c73cc5e8-4dd6-5911-afe9-f818f80062d0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:26ee90b9-7f1b-5bf6-96ea-d5deccb5c7f7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:99079af6-1013-5f3e-9051-e0889cd5482a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:637b7562-8856-59b3-890e-08b2cf43a259", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a09896e4-66a3-5e7e-9385-a1d32727e351", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61ffe7cc-12fb-55c7-8f42-29f4f4fe5f9e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:64189682-bba8-526a-9034-123b02c9b5c1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d980038-8cd8-5316-8847-c6c778bb8043", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4b3eaa86-777e-58cc-ad5c-bec2a2599ac1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4ada1b44-42d5-5078-a1c7-e2a6a85dfd8f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:27301dee-cb08-5ba5-96d7-ad35139e19d4", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:709804ba-fbee-5086-b814-249481bedda0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f0cb5acc-853f-591f-a19e-e86e2ce47790", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b99a9535-126b-5717-b2c0-9377398cd6dd", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:02376423-c5ee-5ded-a4d2-ec4f25c449cf", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:11875207-95cf-5728-95d4-2dcb476ebda6", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8abb7189-a1c0-5381-9288-c27ca9ce9756", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:597dcedd-0429-508f-8a7c-e0f425f09096", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c7cb1f22-823e-5fdf-a768-bc38ef147fa2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:81bf652b-07a5-5b65-a3ba-8850c7d2fb3a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6cc00a02-23c6-5e1c-bfc0-a27234525609", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2e6ff138-5f6e-5018-aa92-3c3cb12b5309", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e0231cb3-1434-505d-8593-087a8a105036", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27-tuxcare.5" } ] }