{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5c8b4433-2592-5030-bf9e-c9ad7f90ded4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:eb80e6f7-4107-57e8-b818-118d837e13c9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:322a8d2b-a990-5914-b038-76f656ac1a80", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:20b19b1b-5d1b-5fe5-951b-515bc08ede4b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5c828fc1-9975-59f0-a84c-eb8b42b36aa4", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:da9ee084-ceb1-5a02-9df8-c99f2cc7d48d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9501151c-1f35-59c1-89e9-530ed97f7851", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:71338a5c-348a-5287-93f7-28eaca683b4f", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:40ba5430-7f56-5462-b9e0-df2d569dd1ff", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7dd84d36-932a-5f96-96ea-fc64c598db72", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:967144dd-3a89-53ef-804e-03c9abdf67ab", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:35f78ce3-4870-5fbc-b7cb-6fa2b32c3f9b", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cae589b6-bbfd-502b-9e26-fde3cf875455", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:78ba2574-26c4-56b4-ac04-dcdc7585112d", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:647ad654-4bc2-553b-b88b-7c5a79e531f4", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e671d29a-7a5a-5c96-8968-fd817d208a72", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:20209631-f60c-5cac-b515-6c1811071259", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4ddbf246-fb00-5b90-8748-32f64ef59125", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f9eebbee-211c-5f6f-bb6d-1b084e6a4a50", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b75f152-9203-565b-8844-a0911d823e60", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4265d7b7-daae-5ea1-b6e4-b35a2d0a5b28", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2367b183-efb4-5703-a6f5-66a14a62a923", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ec3e5e49-d552-5bf9-b82a-0ac8987f7b6f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d6e37979-0920-535d-8d82-ece43014c471", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f34108a1-ed21-5443-9483-1e3ffefd65b3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:12e1fe3c-6ff3-57ea-b36d-013215dde96a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:59fdad73-9e52-52b6-8dac-1a4d1be10799", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:07ecb1d6-02c4-585e-819f-cf86d93af14b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:71493db6-0ac5-5481-b698-6841eabd197e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c4180ba2-7237-5f9e-a593-fb9a30eaef98", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bfe2307d-ad91-52c6-83b6-ef1471f7787a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:23fcc8c0-f47d-5f27-b631-09121b1302fa", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:941d7f3f-fcbc-57e9-ab51-14ea1dea432c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b1d451e-85b9-57cb-b2c1-1b896fcc2768", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.37-tuxcare.6" } ] }