{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9eddd2a8-4b3e-5bda-8193-c50e5d2c3ca9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:85f831af-5d45-539c-8bf5-7ca58b4b9ef5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c857eb9e-66e5-5ed8-b258-cd47ce91bf7e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f32a8b74-373f-5cd0-8210-e8c2c7f8af8b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:187fbfa0-e650-5316-9656-1b51e6b0fb5a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2b7bc763-179e-51e9-a179-e23866cf7c64", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8168b915-887a-5b33-8dbf-aac2fc8b13b9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:aa3642e9-91dd-5a4d-a3b3-048e4d4453da", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:849e1587-162b-58a3-90ac-6240177faff3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e65269a6-9569-509c-b188-5c838df70267", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c23b6a1c-c75c-5cbc-9ab5-8812f556e625", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:64c604a6-1497-55a8-bd44-132861eedb92", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e6f59834-e4f5-59c0-abf7-7fa92b785c66", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-core 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:df228734-d142-55a9-8550-c1cb64083bf4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4826847a-0470-5ce4-8d24-78f7d433672e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:99ef2980-e2c5-5144-b85f-d9a3a006199d", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2c323581-d947-564d-b453-1823e2ca2eb5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4b8de9e4-ed55-5375-b3ec-13b59c440059", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a6921408-c247-5ad8-ade2-57d0dacd577d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1e064610-b5ca-572f-abf4-5c6d45b9afe4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ae360a8-812f-531d-a60f-aaed3b32f728", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:16cead9a-b24f-5268-a98c-9ee638145e5a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1f79f8cd-dec9-5df6-b884-2b5ae97df436", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8a0b6678-2bb3-5de2-8d60-1da7d6da15f3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-core. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ef0ff22e-ed5b-5c68-b0b9-fc485a801e57", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8af2330e-52e1-53ba-bcd3-306e3d0b2699", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ce56b56c-a2fd-5765-ad2f-1cd958e7b67c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:19a095bb-4613-54c3-96fc-51c217733698", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e9cbac49-f4bd-53b7-a675-f5c2e72c570a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c07a31d1-8591-5468-be33-b90d4a1b4b9c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cda7f1aa-7ff2-5161-beef-4eb2d3c5d18a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:12f3767d-eed0-5aad-9eca-c9eb86013842", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d71c9b9-7ca4-5ad8-989f-b4692391f9db", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5f7396b2-1ac3-5e94-a9fd-31395a197327", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:77bb1ca1-f84f-5bac-ae90-c710e8582e4a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1632b6ca-a58b-578b-8a65-2947d85eb52c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b384ca4b-4e1e-58b4-8fa4-1c3b6405ac8d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2d97f8bc-7aca-571d-9ee8-9b99d701cf3f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.27-tuxcare.5" } ] }