{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f37319f8-d72b-524e-9454-e63d95b0d973", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:53dd8ed6-25ae-5949-bc0d-df177bbc6a2d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8371de6c-746f-5dcc-a436-2555b5d68978", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:acd16fe2-73c0-567f-a4b3-6d4174075286", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ccc712ce-921b-5467-9c28-f2cd78c9d3fe", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6c9a5d6-e6c7-58d3-85e6-8447e16ad0eb", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fed6cc5-7cfb-5f50-8b93-3cdaa0ef7f83", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e57aaef-1ca4-583a-8a6b-86bfe8c6a65f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:defd5de0-e87a-5148-9feb-8bfc2625244d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:41a15c2f-50f8-5654-ae8c-9007c9bbf93b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d884a161-2929-5c32-b308-f8794298dfe6", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:168cb31c-5496-5b53-9b2a-c67b0eee0ba7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:206354f0-b319-5f69-99a0-2be63ed8d5a7", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:55ba623f-90ec-5caf-9192-739700d0ad83", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea0c3b7b-bc03-539a-95e7-b25c8b300391", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff20ae91-7eb8-5520-8dc9-9d9f323cc1e2", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b16a1ada-b6ff-52c4-aebd-fa65c73eb798", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03486b61-c813-5248-82e2-d35a15896b07", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ea4af34-9251-59cf-807b-6d0dd30e2d3d", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d4118e07-d5da-5624-a237-10b4ab8367ad", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2ed75298-435b-5a46-a85b-7622932c255c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b54b51b1-9fd4-56cb-82e0-a7dad374c631", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f29d5c93-c983-59a3-bef5-8c3b83e2d666", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:def8a118-60d6-5297-8259-739dda582ac9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f0bee56-92f1-5292-a462-b818fb14ab30", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98c36337-1a64-50de-9789-adfd39323a17", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6cc816f-552f-5dcf-9ff7-42b9e9c5b41d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d034802-4117-58c4-98e0-78c12eb35d37", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e902f032-c8af-5aad-8a3d-944d7673bd6b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:512b0050-6456-5e57-b549-63ecdbb2f907", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f706aa7d-f6c3-5798-ba90-3df558da34d7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dec0f9e4-7a18-5d37-a141-5c78ae2b576c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5a23c2c-575b-5d11-95e6-75fe97e03a41", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d80e3d5f-5ed5-5901-98b1-23c047708dbf", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1971a6a9-a8e1-5a29-98e1-44ab74f47b5c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:436982e2-80a0-5a5e-a7c5-82e3a320fe3a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78ddfede-2c59-575d-9338-10507b0f368a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.30-tuxcare.4" } ] }