{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a87b4a07-e9f5-5c4e-9984-e675fd0bb2f3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bbae009a-76e1-53f8-9049-95944099811b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b33bddd1-7043-5fa7-b04a-79d86271af08", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88abd02d-1c9a-5047-bf3d-c0e0c0f45ff3", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:733c47cc-0938-5847-97b6-270eb57c5bb2", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:357846c5-5311-538f-9d21-1c9ecefca243", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1a2c831c-5fe6-5163-a905-317871826fe7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6abbb285-a58d-5ea4-b22f-5bc73ab86921", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f9bce4fa-6338-5e1a-97df-9fd2a666241f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a7cd571f-30f5-5a7d-826c-44c7727810a6", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:09a8dd7d-80b6-5006-a918-9514a71a8dd8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2449c329-dc23-5b9f-8d31-f2451fbc7fae", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:54db03b2-7e79-58d0-bc70-36a8f00120b9", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9df670e8-aced-5aae-a7c0-20e851430668", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e999ef3b-b350-5b32-aabd-de96757df109", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f29495c7-14c2-5de6-b51d-a109db042074", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d1576c7b-09aa-59e9-a817-add1924d8422", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f3d44543-113a-5010-abeb-dd0977bc1c82", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ff008db5-1399-514b-aa76-570a98d096ff", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58d8fbcc-443a-5ab1-9291-5665dde96bca", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5bee76aa-14ba-5b0f-b7b2-e4d06bad8370", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed1dec44-b62c-5516-a3b8-af109367ebe3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8e1c5e31-44f6-5e14-ae6f-75ef08c94c24", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:22369671-fa59-599a-bcfc-68ff60f5bd45", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:19623abc-11a7-5ce9-84b8-8453195b025f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed372c53-2e82-5c99-b63d-0c88d39da581", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cd031db7-0546-59b4-8ef5-fc308d7634ac", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5ade3d8f-a2b8-576d-996c-d3612b078cd8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d75ed3e-c190-5ef7-be63-37659647edb1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9bc34351-ee56-5537-8cb4-515ba5286063", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f9e2e199-5509-5cee-bc1b-d1127f4f31f2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36c3ebb1-52c9-5e41-b8a4-e1fe27375e37", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eb4a9339-55ec-538d-911a-d370d8ed97dd", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9d8c0fa7-b5af-5b99-b4e9-77ad107a6d38", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.5" } ] }