{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b3d53ddd-8842-57e6-891a-5ae99835cb75", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8afa64b9-f22b-5a74-9ddb-a23f3773b717", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0265668c-2496-5d7a-bf60-15bf92509370", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2091790-ca39-54d5-903d-d7dc46871921", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e7377b3-fbdd-5058-ae90-32bbf31c5a08", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e89e41b3-afc8-54b8-9881-6916a72343e3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69420f60-0b0c-5a2f-b590-068018ae1e79", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d27704a-51e1-56fe-b645-aea0c111ecc1", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27418e41-7561-5282-8193-075a618c5f27", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ac8ea5c-7cad-5032-b987-e08ad1232141", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0da69cd-347a-5421-8726-bf9536389bb1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b36a1ab5-db86-58f2-826f-9f39ce8973a8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d68cb93-5845-57ca-b625-958a053dc805", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-test 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ba89478-5cff-5867-a305-1886d6c73504", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03c5430e-c595-5a4c-90e2-5a121393fd18", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bba2887b-7f7a-5db0-8d50-d7eca721b56e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4718467d-6119-57e8-85f5-b82f41bdc14a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b59ac2a-b523-58a0-9e53-823f14f579fb", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f11f8383-74fb-5650-92ee-b107a24b6cf7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6942a10-d1c4-5f58-b321-e75c4213622d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f3bfe91-13ac-5617-b3b7-81fbd6480408", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86284423-1f61-5d8f-81ba-db4cd428caa3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65978e85-9dba-5cb2-b953-822cd1f4960e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1aea7fb2-45be-5c6f-871d-0d47342483ae", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f201a44-4774-51f5-ac8d-3c9a50b0ae80", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40039972-68c6-5ca1-8e36-86b6267049f2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be4b4e12-fca5-5eaa-8cae-da5d94005098", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:291706bb-6ebf-56b3-92cc-67c2d753dafd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33a5e476-a41e-521a-812b-b9df38293d16", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:650ec85c-779a-572b-ae67-149ad3448eec", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0637fbb8-2b48-5bef-b1ff-253bb89f6e65", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a05c5000-1e81-5f87-8019-56c0c1eb9150", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:076a41aa-2857-5b60-894c-af5674031228", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dae589bd-27fa-58f2-9c62-480b6180152d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:313d4bb1-914c-5b66-8086-f7c11aff0860", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02bbe3ca-89b6-506a-9992-ee2d89cce25a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eaab7b92-8d38-5a8a-ad8c-b64738a365db", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37dea692-1f15-585f-ab5e-096760c0efd1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@5.3.27.tuxcare.1" } ] }