{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:471aa17b-c852-5162-a827-4c8287ba33bb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:82a2bed9-c7bf-5053-bf35-d91b736783c5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4675b5f5-6483-55ed-b289-43cebd997fb3", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59ad278f-6d91-56f9-a22c-9e4714f2c5dd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1f858e2-d1a9-52dd-b233-e20749fccab7", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fbcca9c-c583-562e-abb5-c8f6ca4bae4d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e962c28b-d94c-5e4c-b151-23abab8ce142", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:992c8a07-c037-5901-b0e0-5533e1081368", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8c4411d2-76a2-5100-bd37-b60af6a4c008", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:881d0ed7-bc8c-5416-8f1b-aa5c33eb1c57", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cfe2bc5a-c8e1-5535-a3e6-97c1d71a4f56", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b07c208-6229-5664-bccf-dba7bfef751a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e763a9a5-5480-5157-bd29-03b357b88564", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:010ac3de-1543-573f-9992-d4fb5ffbb1a3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a94932f-023f-59a1-ab9c-06cf5082d321", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5b07ac9-67d9-5c5c-aebf-d26ef6df5ee2", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93d59505-2cc0-5989-af3c-ac1afd842797", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:565ec5e1-6035-5ae7-a7fd-811f69499a09", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64c0d32f-c743-5331-ac22-5e5f50dbe1ee", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:989099b6-ac25-5d65-81fc-0dcb1d920de2", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8c6ccf58-591a-596d-b57d-d1f752843ebb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9d5671e-4d59-5116-8074-b5e2c603a209", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98ce3ab1-2eb4-590a-a83c-5c2474809a70", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-jcl. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32f011af-2840-5e09-b83b-bbd3fd168b06", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4eb822e7-c23f-50e1-8b16-9b28dc82c323", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6b79dc4-7111-5021-9bed-a746436571ed", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:145f6d25-a593-5e68-83f7-b6166f827f72", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b94eae8-3230-5148-9526-17406c5d683f", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8c95df7d-f611-5224-89f9-488772b77427", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:047d01c3-5274-5bfd-804c-a81afdf1d078", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61a13b97-323b-5146-9110-10685d5ef42d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90e90efe-5e36-52b8-8ac8-88c14bf95214", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8776ea91-4098-59ff-a00e-d108217efe07", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d595cf4-aa38-5f50-a5e1-70bedd8c3602", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:86072cb3-0f07-542d-af11-7186610d91d3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3a70b64-3ad0-5334-bff1-9f0fab959c90", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2a047cc-961e-50b7-912d-233ef625ae8e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.30-tuxcare.4" } ] }