{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4e85fc33-f01f-551d-ab7e-6b05815997fb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:21209c87-86f8-51d1-91f6-6d41c3e2e27d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:168e43cf-17cd-569c-bc31-4bb3bc176ec2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c8f8004a-d776-50e2-8f43-f96c6e788d37", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:276b9173-aad4-5e49-9931-a423c00d6c08", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b6e44b62-4684-5954-a2e4-8250c65ba0c9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fbff7956-fd5b-508e-a1bd-1f26af8de69e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fa49ecf4-ac3e-5aad-958b-820df7c20fbf", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df89721c-fbb3-57b7-9e45-91fc4c111653", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78809235-5418-5b63-ad3d-8cdb13fdab1c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67fc2948-5e7b-51a9-a765-780d9be2068e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5cb328c4-b704-5073-9fdb-b5905143132f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:431863cf-6d3a-5894-8d5e-4fd5469a7244", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c23cd70a-8acf-5d74-814b-53ecd7f6a893", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:22f8f2a5-053b-5f6a-9d0e-7c7735b012d1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a319907-4b1a-5140-ba4a-4415a15b0d24", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a1f2622-6556-53f9-a549-15728e2f2031", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ed72b619-f4dc-51b8-8614-acf0b283323e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7d4ed37-3bdf-5c38-9fe2-c5cd6e9c5821", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6be6043b-4d2d-5d6e-87b2-bdbf4bb9880a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:691317a0-d632-5eb5-80fa-48b44c07c90b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8699560-6b48-5f45-aedf-14d095d9c32b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b1bd669-665e-5b11-86bc-bab708234930", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7588a974-229f-562e-94b3-1017a705beca", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8fbb8b8-31a1-5d6f-a5d8-63acf2154076", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97123a0f-fdaa-5053-9def-340b6ffa683e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9f79a39-1b75-54f0-81e7-803c16d17acd", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b74ee6b5-cd4b-5399-9615-003a70c463aa", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:80179961-7553-5dd1-be2b-448e71f3eede", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:283b0390-54ed-56d4-9411-0cf47051fa2e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff320e5b-f8f3-54cb-93c8-b59f4cdcaa16", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4074b9d0-ab16-5d48-b859-727be573a797", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5efc155a-1fb0-5a53-a783-63b450ee0410", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e0071ccc-cd4c-5479-a083-0bb198086302", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5e3243a-369c-57b6-8851-3b7237d5a076", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d09162e6-1609-5b5d-bef2-7fb100fb8d0c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:643a8815-ebf6-5515-b4a6-899bbc91dda2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e69b1e25-73bb-58d5-a3ab-38ae38e3bf65", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.4" } ] }