{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b8c0475f-a75d-5ba5-a6b0-c053bf09cb87", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a3b7ac34-6da1-539e-825d-ab327a6a42d0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c3532600-34e0-55ce-9372-0ea062502c22", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:383ba472-968d-56b9-8200-92b7557bbc66", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bd585d4a-2a61-5295-a385-cdf31f3ee003", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7069ac7a-5e25-59ab-9e02-b34144c37f8c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ea74ca6-0662-5a54-9690-0ca1c62fbf2b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:50ba9f58-9940-58cc-8f2d-a8b7847f3ed4", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a2702e3b-6de8-5a96-a31e-bcf43c6c0d7e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:56c24b57-0b54-5fd1-b561-ad5becf74efc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6028496e-354f-5ae5-90f9-50702e9ba736", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f6cc5ed1-a49b-575a-b454-00cf6c3c9e08", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:27aa45a6-df4e-50db-8cf5-52d7c1ddd1cb", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a66a4a6e-c9bb-57f9-80d1-e6fa1ef8297c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:23629b8c-2c7f-547b-921d-2b7135ff76bc", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:14e0cf2a-969b-5c68-901c-5ebf12ab79b0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5466c554-3661-59c8-abf5-b4655eacf6b5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e93ca23a-a97e-5014-8b0d-ccfbda0c54df", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1fe169f0-3d1d-5aa2-aa46-6202af094c4c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9a398b1e-a9cd-546e-9e3a-ae84810adecc", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e04b3aea-bd71-5b72-96eb-a92a019646bf", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:daa5e7a9-928d-549a-9868-320cfd95fc4c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ae1bceb-d89c-5bb3-aa90-d90b19cfb1b3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d2dde028-7bbc-5aa3-a285-dbdd75796046", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3b6481c4-ece0-5ebe-864e-bbb9092efd87", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:03029a59-5cbf-5dcd-b24b-46915c7fffec", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a550e37-60bf-5d06-b0b0-de3e309bf823", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6d60a92d-bbf1-5437-815a-2d41f24f5b72", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:68e5c618-251b-50e9-b4a5-f5ba85809bd0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0821bcca-ce0a-5f82-9a2f-45f8712311e4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:43ec73aa-25a4-5dde-b2fe-f82179b25471", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6d6046bb-821d-5913-b2ea-b528fc5f637d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9355d8c9-96ea-5252-8b7f-654e8995fa37", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5475c53d-e887-5f1d-b35e-55176633b591", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7729a834-4a0d-5cba-a0d0-0a0d4741cc73", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2c3b1dcd-0a43-57d7-8a7b-e951ce878323", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:02ffae87-0ccc-5ef1-9aab-b88754a99a14", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13371fb5-be12-5ea5-b0f0-20f8f7a5adf3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.27-tuxcare.5" } ] }