{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f972ae69-508a-50fd-8bda-78fc074520df", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bdb71c82-b1ee-548b-aa75-700f142edea2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:65224e34-557f-53e5-bb94-f0c3e5a0fb2d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2eda73e1-a36e-5bc7-9912-d33d21fdc4a7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f7240de4-fc8c-566c-a63e-1b5671d4f695", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:aef3a00c-5e48-5392-8a0e-1e25372887ef", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:50ca3176-813c-5bbd-883c-934bc047ac51", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:07a4e04b-ee3c-5d47-b6f8-62d1cfe4c46b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2cf2db67-ae54-5388-b5c4-8ae5408d8144", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da7d3e35-1b5c-5620-8ba0-6d26a373cc6b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:01b7dbec-2e80-5421-ba45-16bd095677f2", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f30a350c-84f2-576f-b33d-e7057f5a02a4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7ef79037-df4e-5b99-b304-cc8c3dac3864", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jcl 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5fbb8ff1-0f52-5d42-bc04-397ed812d7f6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7f16f2c6-6c03-55bd-9403-277237faf93b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:639853dc-6194-5ea7-a976-60d663d72f80", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ca860174-3c6a-59d8-be75-1085b1d0ad13", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61111360-fcdf-5ce3-9cd4-750bc2a75547", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:821d1f13-720a-527a-98eb-4cd6d7666936", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d138bde-2c53-5b27-ba6f-c0932741f178", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bc5543a7-19d3-5bee-9a09-8e488fdb1e15", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:77b330d3-34a8-58cb-9970-8455fcb2194e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:05737686-9798-57fd-ba3c-8add6b8ffcbc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:43b7fbc0-44d4-5efd-b12b-033dcc81674a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5a7b57d9-03cb-5ae7-9f9b-d1c31408e457", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58e461de-2f6d-5407-8c29-0cc498dda66c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7e6aa1e-d284-5b4d-88f5-e9b4ee38f0a6", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:826a0e1f-f58c-58c6-a863-b9f1314cb7ad", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ee76d9c7-0248-55c1-9a8c-088f7ee8299a", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c11062df-3212-57a8-ab93-2dfe7808db6c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f58ffc8-9979-539b-977d-07c47c4e6730", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e4e80c5d-813f-5641-a90e-d027b54ced4b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:35f7a30c-d906-5cf0-bfc4-321226686f9b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8f82fad8-a120-5244-9565-93b34db34a1c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5503d64b-4e90-5358-8761-0593d08e700c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13b67721-9c13-575f-baf4-5e9d381243aa", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bede56d7-1b31-5bc4-b223-f3488902482b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d21c58c9-de9c-5d2d-bb48-63a535dd905e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@5.3.31-tuxcare.5" } ] }