{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5560e6ad-48cb-5b15-b25f-60263be153b0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:922c9094-9901-5fe0-9a6a-37d35be65375", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a08df01-a0d1-509f-bb5d-e2b47f52f0d4", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dff59290-2158-59ae-8482-19a338d926ae", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a50015de-0d6f-5815-94fc-2a499e1acf3f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cbd9760-fe9f-518f-8892-81a0b56ad064", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:651d6e53-4970-5196-bac7-61353c7c55a8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8294a719-c363-505d-baf6-3421ba1d6898", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf288684-b7be-523a-96de-0467ce44e12a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13262355-4ab2-5efa-a237-ada3b91b744f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b4f1e2f-1b0a-5ce2-ad84-80e1151aae68", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28abdf23-b398-538a-aab3-bdc852a24540", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e79579a-ddeb-5e90-866e-ad62bb097043", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3503210d-ae89-5277-8f14-1430021750b7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:839de177-79ce-5a85-ad96-583f9cd35c84", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c093884-8865-5164-8aac-8b5ea7ac91a1", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0014343-a072-5981-8903-754e74e9a1dd", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f6447bd-7358-5eb3-931d-d59b35cce70c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ca22694-77c8-5f57-b81b-13ceda505d37", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bba1df7-a84c-5ad2-a346-6673aa4fd123", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06414c8e-6a94-521a-9205-fefe4617c9b0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46bb1d16-1f68-5369-8ddf-e89d137bc730", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b75c386c-88d3-502c-9395-9f00c2165144", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-jcl. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e985b48-a75c-513d-9b52-35c9f1e1a7b0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bebd6eb3-3f5e-570c-99c2-e7809bca9f5d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a887363f-287d-58f0-a572-f36704176a26", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b94ddb2c-c49f-5962-9dc4-9cb9b7c508ca", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fbd3c5e-542a-5c98-887b-1ab0cbfc422c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ccaf2d74-4370-59b8-ac83-e3817cdbda58", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2724d841-e500-5082-a844-16cd62776564", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb49919c-1208-5cc2-8846-0793bee3f8f7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2780768-307a-5efc-b34a-f56b400acc0e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66f02c64-29c8-5a4a-8ba9-13612b28b164", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:723c578c-bc50-5398-9969-9d25aa7b3210", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b7afa67-48bc-5fcc-82c7-f5236bb7743d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7a31bcc-66bb-5129-8707-087549810476", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d3ab1c0-1219-5948-9519-c0b5e2d94eb5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.2" } ] }