{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3bd4bab1-6722-54ef-861a-c25decada96b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:91eb86fd-e253-5619-b55e-08204a7fd1e2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba92394a-997d-50d8-a68c-7d4e21992992", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:319e9c84-72e8-565d-a958-b1656b08c725", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e64b9fa8-0f75-59ba-834b-dfcfa8a7d3e3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9e89829-2ebc-5e1b-a489-fd675f4fc427", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:066934fc-eeda-559a-808b-95368b41a74c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf01fd36-319e-5cb3-8df4-b8e24a5cdfe7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4cca3a7-824b-5b17-9b72-65d711f93f67", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16631bac-c6e0-5136-bf89-f570c2056f08", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a9e7ef8-0851-5eb4-98c3-57603c6e8119", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:52d5411a-588e-5466-ae92-373f847e9cb4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fc81f71-b61b-532e-878d-9aeefda0a7c3", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d15e1d0-d6bf-5359-af02-b0e5968dba09", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bff4243d-232e-5b05-bb5f-d1a22550764f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fdfd1cf2-46dd-5aca-b847-9f38369bbec8", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a42151ad-9425-556e-ac79-d60bfbae98d1", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e83804bc-b116-5e84-9d5d-5432e74b39e2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3da172c2-9c2a-5d83-9716-b202e7307ec8", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab822448-8954-58cb-bccc-073f2947136e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:51e68ef8-c936-57ac-9253-624c4574a766", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1fd0e433-3964-5815-9533-89abd0410576", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5825516b-ac64-51b1-8e8c-31fe60276fdd", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33f3e148-94db-5084-8afb-8f4de54511fc", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59186973-dd3c-559b-b2df-92c04d961c4d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cfce2e99-1c67-58a3-b063-2581572c9b72", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fade3f1f-f40d-553e-8148-058d313fb68f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce284055-a9c8-5ed0-9ae8-f8fbc16f2962", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a4b6987-c78f-5ddb-beca-1cb601e30366", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d0bdf1d-5a3e-5897-b2e6-6dd10f94690d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e2c3ca8-6d46-5e98-aa7b-527a0c0c7b76", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d6ee3c0-54a4-5d39-8022-9d0040ef0406", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d083f715-573a-5cba-8fe0-5f6955ec3a9a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3135765e-2195-51ed-93bd-d30e43140a07", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4c73cdb4-8b0f-5759-864f-cafbf101b924", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5999737-3708-5066-bc91-cc86bfe8a40d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:799aa912-3d4d-5c4c-871a-f07bbe819834", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:acde57a3-84c2-5bbe-b0f2-ae39167d0369", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.4" } ] }