{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1b1140f3-d506-513a-b212-411ffb316869", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:176683a1-abb1-5753-a2bf-4646bb8d77d7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb207f3f-7434-5c00-b15a-43e8eef45879", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:11de5292-c363-55c8-86d1-681dde7794b1", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f29a0d2d-07f9-5b30-8329-6b964b74f061", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5c8a6b02-71ea-5333-aaec-6be7a52731f1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5f216f9b-4100-5369-8a63-ff6e97f63b16", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:70b4bcfe-4605-5b5f-b9c7-b679adf7d6e4", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f1cded1f-446d-5a83-a95b-f0b768bde41d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1064139f-f91e-5a08-987c-d3257af3dfb9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b0eb1d4-5f81-5d3a-b263-ee0bade98079", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d58883c1-6829-5a2f-a6b0-4c19411cfb9a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6fc5d008-88e3-52bb-af6b-e67386fd232e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:11f109b0-b6d3-59af-b1c0-55242563f000", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bfba5648-5f25-5cc6-ad43-1dcae68c3eaa", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b726c4bd-065a-513e-9e8e-d08491abb3f2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:134686c6-66f3-582d-8875-54ab5eb7c219", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13dfb16d-9a0a-50d2-9d91-7a0a3870b76f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:92efd3a5-7d57-5a8c-8cc3-29304a4b70c1", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b089ca1d-0564-5112-919f-33688e9de199", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7c53d803-a429-512b-bf7b-e5dabb1d8459", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b61bafaf-7a4f-50d9-b71a-0adf004214c4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:66eda248-eb68-51ea-9f46-13e7d9f78345", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:35efb9db-7a7d-5a13-911d-22b0af438f7d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fe44189f-b54d-52c9-a393-8e566081aaf6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e39d846a-8203-570d-b715-ca0030db42da", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b2d42cef-2cb8-5a66-9f82-862f278d52b9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9310887e-9376-501b-8951-d42031a270cc", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e88d6a11-df1e-5344-baa3-155ab83220dc", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8328fa02-0726-5502-95e0-95c33e459c36", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dbfca616-3ae6-5ffa-ac0e-c7da0ee33ba2", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bbd76076-a913-5c45-866d-088028cb83e7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c5b2de9f-9441-5646-889e-8179bd91ba4f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3bfc3028-c10a-56e0-9452-de9ec14e51b4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1bab1554-4432-5e71-8a92-a274415fb4a4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb7a2a52-0226-57d4-b678-0e8edda59566", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:419d8cf3-6a5f-52f8-9ea3-48b433e6b316", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5e98d273-2494-5221-b202-d2de32862528", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.27-tuxcare.5" } ] }