{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1f67cc6e-c789-5bfb-99c4-98ac645871df", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:778e2725-b0df-5f34-b035-6d3df9da61eb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff0dc349-7f42-5040-96e0-e95faaaae403", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:249a2251-ec39-51db-844c-d548babec6e5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd2c7999-359e-5eac-84f8-9384dceb5b5c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:335fe63d-90ac-5f09-9be6-bd9b240a8068", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:263ef0e5-f552-5fcf-88be-7a613f2f5e18", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4e941cc-c808-5893-a842-6e050be8c33c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b68e57e8-c11b-5a35-9e51-57006be7020c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8b280d2-f3a6-5643-9280-7e0dfaf72029", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48ac35e4-5fbb-536a-a55b-f97ba70c8b28", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8429bfe2-85b9-5f95-b0d1-5c2182fefa67", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b6ae6a7-72a6-57b8-b10b-ac9754369555", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2fcd6ebe-0b7e-59ce-ab32-26779a25fa2a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6bbf3b8b-da88-5e33-bac2-65c03655eb2b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f91acb39-8179-5d9b-991b-fc3abc22acfe", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd1c9308-55db-51d4-aa00-a6f366f18430", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7827945-15f4-56da-965c-7234033774fa", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c0ea06ef-44b6-5b3c-8e55-6d683dfdcc18", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13624b9e-c064-5de8-9377-cbc58716509b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:501534de-b643-5c37-b259-1f81f178cceb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82c5b450-dd4a-5358-9606-db2fc99cea05", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90e460a5-8993-5c76-9386-d17abd5947bf", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b821e447-d795-56aa-a469-3baddb537bd0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3fe8c2c-3f90-5513-a820-e72f082808cb", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7015d556-e1f6-51ad-b959-b43bff5c6e17", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80a8b18f-4a65-5a01-973f-7023023627a5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ac58393-c9eb-5680-a6b6-965a135b9247", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe9c8f9c-5c1c-55f2-86f8-ebcd121e3472", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8e7728f2-96d7-5874-b694-ec2a7bca262e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eaf50ef7-a083-56b4-b5cc-fb0fdc88bc83", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec5a5bb6-f486-556e-ba9b-87061b97e919", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a42c30e4-0077-5453-9c82-178957188509", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be4e54c7-2389-500d-9943-5d29521f9193", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9e9b805-0a01-5591-bcf5-561060d6184a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba1a6988-335e-5501-a2f4-5c0526b6d3d0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4bf9c33-6409-5bb7-8a86-1d1531eb7058", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.3" } ] }