{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:577989d6-68eb-51e5-9236-b00b5bacd8bd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9738969f-30f0-5b7a-9ec2-46b79077634b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ae9be43-a903-5fc7-95fe-8e338e4a89d7", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb1e54aa-f006-5296-a5e6-e98ff115baa8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1adb2f88-41ed-5bed-a92a-99f85cab2bc3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86ef123d-78c6-5055-8883-528759f5e45f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b517ce7e-8019-51de-8b09-737955b95925", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9289f767-d292-55a7-9609-129be3d918ca", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5f58e2b-8fb9-5ba6-bf32-861918cd9e6e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf7f0b19-4e6c-5d36-842a-166f4b7ef8bc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a896e26d-951a-5a8c-831b-470279ab7b42", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33016f5f-2b8b-53b0-baf8-fa82e70187fc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ae9164d-df09-5e81-9afd-ee8844f8c24e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62e36615-8157-53bc-983b-b9eba0939b23", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf90241c-af0f-5ae2-a963-4c686a221506", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a661974e-218c-538a-980e-79693af70d6c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:baf50485-41b2-5727-97bc-0799fc15d72d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cbd8b9e2-9b9b-5fb3-84d6-74efb6d092d9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4bf79b2-5a90-5575-bd9d-0fb6e17745e6", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ae08c4d-3967-57fa-bdd9-26383c1def05", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de6110ec-9a07-5c89-bbfb-058541edfc00", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb5c0c7c-59a7-5e80-b725-1f74de4587e9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82d1cc79-c2b2-5e82-bbe6-0c55b4703ad0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:756d8baa-8b11-5dc8-a789-e5e8582b8104", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:429bf0f2-a1ca-588c-8223-3f0097e3f93f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef4c312e-60d2-5ddf-886e-59a0558036fb", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90eefff2-1af1-5af4-8f3f-a9628809f5a0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fdbe6a7-1951-5150-a458-478740a22373", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3121b8ff-0979-55db-9f00-234eebb7b78a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6288753-7102-50a8-8c62-74ba8ec3990a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aaf6c5d6-b54d-5e2a-9335-f1197ada4f31", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:509f6f7a-e5b8-5cf2-9c4e-cebb8ff10faa", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f84c9368-b9e6-543f-8ff7-bf362d95cd19", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:656c0d7d-501d-58c1-97b7-3e674e921490", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b63f271-8cfb-5d63-9694-bb24acdec568", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca5eb33e-30af-5562-af00-240ba71c84bf", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a763a0b-bd5e-5bc1-a0a3-bdb8b212c89a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53479019-44e7-5538-8def-727fcb03cb83", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.3" } ] }