{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9db3073b-7145-5b09-a119-a694f742f508", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.27-tuxcare.2", "purl": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:888e993a-85c7-5d74-93a4-f699e89a169d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:308fe190-06f8-500a-ae23-7e8b3fdc69e6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13230651-2c05-5876-90e0-16e0fc233864", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73f50dd1-c740-5494-8875-e4cf31744059", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1bdcbf82-4504-5279-8fb3-267f9f1d62b0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a196a665-8d7c-5de8-bf5c-e246cb9321d7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5966ea3-96ac-5ba6-9483-828a358b1915", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:121a789e-353e-53f0-9654-c3bd765b9bb8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2231362a-90af-59d4-b5a0-9a80f35c780d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:608fd830-4350-59b2-bfe0-d8c5ee24372f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aebf6955-1f98-58c2-a507-7d70e3e609d9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:798c628d-b3a9-535a-b772-9759fd2b9559", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.27-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff97e4a6-fc94-54bf-b9d3-5a43fdae4bb0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:787ac52a-6e51-5f1e-85a4-3a7f013de8e1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40a143e9-fef8-5a97-9264-513a1a9b6218", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d2641af-7216-563e-bc95-e157d040cac9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8c17682-3db1-5b91-aff3-87dc83f6ce1a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edf14076-3946-52c0-85d8-028091cd6a64", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:afe3ca82-ed66-567e-a100-a157b61d3885", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72172ca0-0352-5077-8131-b84a2cdeb70b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f1c61fb-e476-5c70-856c-c67919af4d28", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e38e1b74-795f-5375-8dca-9fada34dd35f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e2c6189-e8b0-552b-962b-c6b70711defb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab595d3d-9c6d-5e7d-a7eb-5eb30b54f4ba", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e20a33d-4b7b-5cd6-a7f5-660762c47386", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0afbbd98-b7db-58d6-a6c5-46d0695780ab", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:317632e2-f032-5251-bbd5-8ebbeb83329b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6afa1fc-903a-5eb8-b2d1-e63fcfa0becb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b915658-7f22-55e5-bcfc-39a8404987d8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:360ebdbb-a3db-582c-bfd5-e65ff2defbaa", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d953e970-c747-5533-b9f9-e1f27ed91743", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0b1aef1-3971-5426-9813-eb61832959ef", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45b48d4e-7e68-51a8-89e0-f444e8eeb1af", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5796e0c-fc5f-5a2a-b052-25d7681d3a26", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f91498b-9b8a-5ce7-a29b-c87a843baef7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1dc9e22c-695e-5a23-bc3c-55adc0b4e420", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb45146b-186c-5d6c-82e4-cb824bc30c09", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.2 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.2" } ] }