{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4040ad5d-8fe3-5a99-bef4-e118edadb225", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a7e3af10-f43d-5381-9f78-674131ca8d2e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ceedbd2-f930-5648-a4de-e5f51e9566c2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4b06a47c-91ed-5c72-97ce-d8f4c046ade6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1cdd7f54-469b-5a55-8a3d-abf028c3e352", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ba15621b-9dca-529a-a771-6ca8ac989d67", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a7c94f38-3182-5874-82e5-31c4c888fc2b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6715f668-4bf0-54e1-8b94-0f75ac3ec4ea", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58322e8c-b892-5e3b-9304-2a2a737ce4ea", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c02ecc30-3153-5e90-9c03-3e2ec6ba0a02", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71cc81d6-6549-5466-87ed-44ef43a0ed47", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c8d6f688-50a5-56e1-ac8f-6eda78a9a164", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3608584a-dfd8-5166-8bdb-98041dc07f09", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:66794163-bda4-52ad-8059-fa28ad84014d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f474125-d092-5190-9f69-7dd171e1e655", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:49740151-e2ad-5fd8-8f6b-0609e415ba72", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e046c8bf-ebc2-5b14-bc7b-1dcab076071c", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1ebe9b3c-e866-5473-bf89-18c872c469a3", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:111c8a93-9696-51b8-be59-5a91cb7b8d53", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e8d4dda4-f34f-55e9-8a9e-2b8170e13739", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7093227d-c803-51f5-8ed2-e3c525029c99", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:686514ce-8e40-53a1-8a41-dac0fb940d2d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d7123841-edfa-54bb-88b0-e58593ee89cc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b11cbcd-41eb-552e-affc-3236e4a8a885", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a7d7b3d6-acdd-5c64-b1ad-803dd60cbb07", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:54d28d2a-a2d3-5753-9050-bc423fff32b1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b6b73f92-cdc8-5230-99c2-6faf747cb807", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:222a1bc1-38bb-5e78-b70f-723a7767cb21", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3b98e067-3b7b-5b3e-927b-5b8f3ea9f2fc", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a827619-ec92-5cde-8a52-9e0f8c8f2961", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c86b9e05-3995-50d9-a21b-7ffc764e66ea", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da022724-552f-536a-9928-cf969fc0fbcf", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b1b4465-a415-574a-bd63-b01d875422ee", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88a8bd8d-2fd9-563b-901b-6a6ce0ae9974", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d97ab1f-c76c-5afa-968c-5f3a41c22d0c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:51aa0b3f-0660-5657-8408-30c74e103eb5", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1e642af0-7c04-5406-8798-370b87daa3fc", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d648e87-bf5c-5515-a9f5-def1dec71fc1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.27-tuxcare.5" } ] }