{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d0ad5e15-48a6-5e93-a91b-5a8717235a65", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:123ac528-3714-5aab-9109-c738ac5b7d32", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ae24d39-c434-5ec4-bfe3-0c5fb5347f17", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6c7b1ab-b86d-58cc-b33d-f7b32ca2aa04", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c1dc117-34d7-5fe6-9275-6a4544159895", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5521c56-446d-5367-adb1-023b9210a4a5", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5963272e-32c4-5e5e-a774-3bb40f41fcaf", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b619836d-f459-5ef3-8e5f-f5372d172c24", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9a48cf2-ffae-537d-b6a0-c82b6738f0ae", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a3d1e66-0a59-56fa-87ce-e17c6d90b934", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53c5838f-e834-55ce-b963-1c9b49d256ae", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f43488a3-407e-5f22-9581-41d45fba0934", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b23065d1-6cba-5992-a4ef-efb50114fd90", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:720ed8f5-9d49-51a9-8855-c2ff38eea601", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8893c31e-476a-57a9-b001-0d7adbe119f4", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb781b24-03c6-55fa-810e-7b6f6d10b658", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb69d285-f80a-563b-abee-a876a36189c9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c872d749-7404-5913-846b-74bd48e9db03", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f3f9a56-feb9-5df5-811f-72044cbb18f0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:842f04fe-88b1-581d-8ed9-22e3f351cfe9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05502d05-f2dc-5f11-9e05-2c6eac9d3de0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adcf31fa-aa94-5dc8-8409-461019309bcb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23586c0b-bfc1-517d-8593-58823a5f72b7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98e48c67-9ab4-5d90-9295-5708a587ac97", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16926b36-b83d-5844-8526-bcdd97485e05", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:abc43012-095d-5163-95d0-c8a4e591cde0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:651c916f-2930-5ed0-b275-7de96a7e2cbe", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc51b148-1998-51c1-85bc-49663b497a77", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a71e9d2b-f3a9-5d3b-b49b-19d5563996b9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd5e10bf-e85a-59c7-a1d7-87cfc747f211", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4f9fa1d-1fb7-58b9-9975-534dd1e2453d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87e126bf-f976-5cca-9d1e-a4c1052f4ff5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:868e78a6-1e88-58c9-b0ae-382027c8df59", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d61134e-8b6c-5c1c-a436-4461877b1f18", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:560e2404-d6cf-58cd-886e-693c9bb926a7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:938b034d-110a-5760-822c-a4663fc7f52a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc90e816-ce1e-559b-837a-97a1cab266ed", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.2" } ] }