{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6ee54ff0-84e2-57a5-bdde-7e86c4aa63ab", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:23f696ac-17d1-51f7-9cc6-95f9ea835414", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79a24552-44e6-5935-8c06-1e2e2c150dd7", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ace20286-17c0-5391-b14e-06a8e5ee5045", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46d63e46-de69-59bc-aac9-c386bdd44337", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2599e229-d03b-56df-bca9-dd94026da180", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cd8278a-c695-5ac5-b3a5-2940725a00b2", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d1e3ee7-8d8f-52db-b2d4-e347bea7e1c8", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b054421-5c30-51c7-ae2c-ac40e7df498c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7662d29-c44d-5cb0-8263-02cd7200d986", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62c98d3d-8296-57d7-9284-00c81bbd41a0", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8193675f-7f31-593c-a047-db5245db244e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:559878d1-3864-58d2-bd91-62d4d5989e26", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b79c47dc-6ca9-5a80-91a5-6d720686de5f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:543586d0-be92-5eff-b2d7-3ec44bf326ca", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:175ab6d5-175b-535d-892f-4b0287d45cb0", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ff28656-73e8-57dc-9dcc-4e4db768b67a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31e77909-9138-52cb-831f-6f9329c7c21b", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c536a965-a3e5-597f-8141-58c13e9b40d9", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12ae9414-3276-5b1e-8655-7d6a261d9fbb", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dbe3a034-b6b5-549d-ace7-ae68e345e8a0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5040285-1f1b-53fb-b299-1639627e4ff5", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1acdec9f-5a62-570a-b5ad-f415f7686624", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-jcl. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67105064-2cb4-5d2c-aed5-9f658f0871fb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2022d659-4112-5445-8b44-5a9a58ab0fa2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15b5b8f9-e1ee-5e99-81a4-5b5f35e2c89f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34a4d717-cb6a-5427-a56f-26f69fb91814", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a8642cf-c566-556a-9c44-09bbd56261a1", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7361c1dd-a362-5beb-a5bc-1bd42b1928a8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8774b6cc-f44b-558b-96dc-ef6fcbdfbb03", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9f99be28-2400-54bf-a283-9b15249683d5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b0c61f8-a8e5-5379-8065-56d3db66413b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d7aae01-ea7d-55fe-9fee-66f731c822b7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bc744f3-59a3-59a1-b197-90e13afa2042", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d80dc7c-13e8-560a-b3c2-48cc036ae7ae", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6135ce2d-0bbc-58ab-a458-a79f94a2b65f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc1f08ff-b020-578a-95fc-7878cb60f24b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.3" } ] }