{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9ef8c2f0-b53a-5a27-9269-b4e77612c21e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:453ee283-41a3-5ea9-93e0-451fc1525259", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83e0219f-ed15-50f7-bf62-7c30e30c3fa1", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eef67900-dd40-51c5-85c9-eba25e2d7703", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:878ef89b-ec3f-5123-b73d-3833d21160d4", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f239fed4-b316-55a1-bcd2-033826e30513", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a9013b9-fbe0-5757-9194-25e657460be6", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2ac1596-828a-5e99-a34f-7ef8c0fe88e5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc94082d-d8a7-5357-b0d6-1b5ecb383eab", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55b382f3-a6c1-5a5a-9f65-957492c8e5f8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f43752a7-8f49-5ad9-b3d6-443902531a68", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abf981c8-bfff-5925-9339-9d7231ec02f0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21e420f1-9b5e-5e8c-a277-9c250ff83a1e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c550251a-c48a-5770-8045-f1e8c6cf925b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a889cded-382b-5f3d-a442-e92abe8e38d5", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc3f1e86-ffe3-59eb-9eb7-586577254e0a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46898e9f-7013-5ba0-9ec4-d9e1ac6b6733", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa45d998-b8bd-5e13-8dd6-9eafd94773c4", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:512a99e5-3b9f-51c3-81d5-08008b194e39", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d13faf0-83f0-5db3-a915-71576f4138f7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70d34a0b-03eb-5009-8a64-6e83e7972d6e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dff7d705-f290-525b-82e1-0d67dcbf7f12", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d8af0654-743c-5d4e-8cb2-38d1d70ea3de", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33991419-747a-5586-b628-8998ff1a7198", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6a79957-1ca1-56d0-8dfa-fe1410862ef2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06b589e7-03aa-564e-890d-1bd5954c7c29", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:550c63b3-f3e1-5bad-abf3-8649fcfc4764", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:264a4463-35c6-5c87-a86b-3ac88244f628", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d70e8314-4a35-5df2-b73b-0557fec51903", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b6dafb4-1d21-5142-8106-6bc184b7af58", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be586afc-e5e6-5bf8-998d-932cb6cc1da8", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1714fd7-8937-549d-99b2-ab00eeab05f3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83778120-9fcd-5195-879d-695ee76c6866", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba85a0b0-fe0f-585a-8015-16b2d28ab71b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5d1d87a-c1a2-5316-a0a6-815082e7f254", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26b983b8-81b5-5d37-9483-65b801a60f59", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33405c84-53f5-55f8-9c28-ad2316fb7218", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a0acfe4-1e3c-56b8-9be6-4ec992c370d8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.3" } ] }