{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4aa4aefc-51dc-528f-aa69-5e952f663dfa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:43613fa2-8720-50fa-971e-07532c430b87", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9e8a09ca-5e50-5ff9-96a1-6872b97e2799", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ba51845-413f-5ff0-b7dc-c6a2824e1efe", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cad0569c-8718-5bff-8eaa-e762967dc38b", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a62a686e-6ff9-51c8-9503-f471ec5829a0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fe73168d-5418-53c8-8780-0f7de4129452", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7936c8e6-c850-5085-93f0-6de8845edf53", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3d7fd10d-9393-5a4f-99aa-cce4218ecb92", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c195a8a8-31bb-57eb-9444-5a7338bc6308", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9033d119-f125-5dcb-86be-d6813be4e186", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:546098e8-6732-5bd3-8046-10f1575bba82", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9cb15104-bb31-54d5-b662-2a37683ee8a6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d5d3b42e-7ecb-53da-a3cb-804c9b5437bd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25717c88-a6c8-5585-99e3-e312e5ba5030", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1205bc32-8ee8-5cc2-9ad7-e789e1f9ea52", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6d543996-59fd-5d75-806b-bf5099ea0e93", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bbfa0f79-e88b-5f4a-a3c4-bdf325501c7a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:04fa97da-0d15-54cb-b9c7-d708f13ce07e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9a98bb83-375f-50b3-a9f5-10dab354e2bd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a4fcdcca-6f27-5b52-bd0a-6667ef5f1483", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7d3e9aa-0ed2-5b41-b94c-13e5462abb4f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5318af6e-a945-5fd5-8bc3-6ca15070e228", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c13e55b5-054f-5aa8-93cf-dfbfbc6d9dc0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:acfe525b-fbe6-57bf-a4dd-cc63e9babca5", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6371e071-ba87-5f1c-9a4f-66f1205be7ab", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a080f3ba-d9b9-584d-bfb6-ae3c0a45d2ca", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b493109-5cb8-56f7-8b47-e48e8d51ca84", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e6aafe45-b454-5388-b218-764aaeb24944", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b552cac-49d9-5205-8714-0d6e261af250", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:79458d66-5758-5076-988b-285138ac18b7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9d322109-143d-5480-87a0-e10ba30e976e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:80e0db45-e66d-5af7-a386-187ec3c0950e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:faf3ea27-49e7-5d4c-83ac-c78e5507399b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58e4c0f8-50fb-5577-8b2b-49178f2144d7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7c26924d-1e22-530b-a856-468a69a37d30", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:09c39a17-6cbc-57af-aab1-5a5aec7f89b9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:49175300-d06d-52a2-8425-594be3455bbf", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.31-tuxcare.5" } ] }