{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:98eb678f-22a0-58b1-8580-8f828ba1a37a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f564158a-33b9-565b-94a6-ea437617e1e5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07ffc3f2-26b3-56ed-9645-7550b6754586", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a95fe3cb-a92b-5105-b551-cc153e28ba1b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9f7535a-0bdc-58db-82dc-c787fee16bb1", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5005af34-b701-5f1c-a5f2-2a6f6639d8a0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ab199f5-7b19-5cf4-a437-e7b0513d33b9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5592faf7-ecf2-5311-96a4-d462021b18f3", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46696b89-afe8-50eb-b684-22a82f9793b9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:802b3b91-b0f1-5a57-b773-b94c192620fe", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec5796c5-5897-5b1f-9fd1-738fb42ea761", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bdcaf8ba-3aab-5cf3-9d0d-64f9212da589", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68923f33-17a1-55b5-843d-b4770853d6b1", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59ab7ab5-2882-5296-b218-88ee4fd04891", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:208017b4-3f48-54ee-b31a-b8e9b8441b3d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e838d3b1-f201-5e8e-af93-094cff78fa43", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d034421-b229-594b-99de-da74da894b9f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c990ba33-38a8-5e13-8220-4581bb6feb7f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:256b490b-039f-5c05-9261-75c22c7b02c8", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c08d590-092b-5916-9977-ff0384416b17", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2409d826-bb55-51d5-ae5f-0bfc42af7e8e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15f776db-fe3f-51ee-9c90-07d8e4ca6704", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db88b8a9-22a6-5a18-9c35-e48bed3a9af7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08aab339-4cd3-5d09-8e89-cf7ab43dbb7a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4019ff5-78e3-59c4-bd71-6126352e9ade", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c19a606a-0185-51ce-8343-512bba5ac1e2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2176a6a-4a50-53bd-869c-d3a8e8524815", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0aeed641-5bcf-5069-8892-59f8a1d827b5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91f22ca4-e91c-55d7-9630-89e75b216452", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88883d01-c8a4-5b30-b362-f586108a8faa", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e67f94f5-e18c-551a-93d8-8168241780d0", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:345346c4-5684-538c-941d-9ad23aaeb641", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:976360ed-3ee3-55de-a633-0418d1642ffa", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06f70aca-d060-507a-b82b-33a8bc255185", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f330aaa9-b792-5699-b280-cfc4efc87557", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:487849c3-24b3-5cb3-8f61-6b0afd73959f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4fc19a81-5a6f-5128-b1e4-a9fbabfb3e2a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:147abdb4-fd99-5f2b-9cd5-fff323201b2e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.3" } ] }