{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1a90429a-b39f-52b4-b0c8-bf4421248614", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6a2cd09f-09af-58e5-bf01-73283cce12d5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d512a9a1-5b7c-5ace-9ec2-a29fd15647b0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0294a9f5-e819-53a8-bfcb-b023d11b1a3d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfadb4c0-b99b-50be-b68e-a76017199bdc", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a22c15c0-5e3e-55c5-928f-f4c3b5c923bf", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ae004bd-b99b-5aeb-b714-4aff76c0f7af", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebb8eaca-118b-50b5-a149-f1fe848de7b0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1097c605-6947-5943-8631-aac6fa726a2f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbb9a0bc-d1f2-552e-922c-cfd0ead8cf14", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a17a7fd9-e474-5e70-a940-4ec17534b70a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38d98dc7-e52b-592f-994e-85fc4067d4e0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e105f2e-caae-524c-936b-18ed357decb8", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97053710-6af9-596b-b011-571e966a086b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9da98e5-d065-59d8-aead-61fd16b16bb3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc28fe4f-21ae-559c-893f-852f3c2c1391", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69f53597-ac1e-56b7-a5c5-bb5bb10e7b02", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e84eed1-e7e8-5299-8953-c45840aa1eed", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:624fe39b-d1c4-5c30-b829-d733485bfbcf", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7fd8e1d0-7bcb-5323-a51d-f1ff7cace91d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7599232-a0b4-566a-b3ae-1c3d9bec704b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3649b8f-9128-57ad-97cc-3388035a6535", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9dae02d4-3ede-58d0-9996-5e5d5dc0348e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b0d03d01-5e44-5a18-862d-63e80ed03087", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33e8fa24-61fd-5a93-b019-09fbb69a83e7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49720216-689f-595a-b830-31477eeb9daf", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7679a031-b85e-53cd-9a0a-4336e70084e2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b525b5f-c989-5279-8f3d-4418778b4de0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6ebb5d8-d8fe-5315-bae5-6c7e6bb6b2f7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aa2e08dc-e076-5557-bb68-c9b9a6d8df8a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2cb020f1-6078-5147-a8eb-1ab83b0ff574", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c99bc1cb-ae84-543b-85e3-ac3398273601", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bba1e7e9-3f74-578d-a6a8-14d9272c68ad", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:19958c69-03ef-596d-a835-87d601a03347", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf8388b2-5122-51ec-be5a-8f03f5eb5db6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d03fec6-7314-50e3-8487-2651eb44527b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:493a1f1c-9fc2-5f63-8c56-c073054cb4d3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:424b635d-117e-57c1-ab6c-514e7e200399", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.4" } ] }