{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b47f39d1-ef4b-5398-93fd-6ebb054f97ea", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.39-tuxcare.14", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:06909a4c-58b4-5db1-b8d1-8ca202907cc7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:1f1f588e-e802-5057-b27e-99a207e290f1", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:142b5c1c-f5c3-5903-8ef3-ab919069c5b4", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:539532d4-1b47-53ff-a609-cb33f2ed770c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:fdfe368a-cf17-5131-aa3a-1df7ba4493fe", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:522d7c20-34fa-5079-b4c1-23f78586c8bb", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:d5dbde47-5699-5406-8b5d-b7262a2e326f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:047c5625-76d2-50f5-bb2d-d537252e1622", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.39-tuxcare.14." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:7e745ed7-8c9e-5267-aafb-8164d711f594", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:e914db23-87d9-5341-8e7e-52879f21b25b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:3f230282-2a3e-5a5f-8cc6-7c59a57a93d3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:d56adae8-517e-5353-992e-dfed68f9b412", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:1e0f3ec7-c550-552c-badf-8d8163aed121", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:20fe3b03-beae-5084-a7c7-b3afc50ce46e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:11f00d50-a3e8-5fe2-b3ab-f0e5f36b8adb", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:c76d1d8e-8043-5069-b349-f7bd4503c4f5", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:6fbb0202-c7d4-5888-857a-8abc02db6f30", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:fe014aaf-30b0-5e33-aea3-88e0957c66c7", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:b200787e-740c-58d3-904d-90ce922fac5f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:b357f63b-8345-593b-90aa-d9717d90f1f3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:f29e2318-d69a-5fc4-b517-68a249845025", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:a4c2b1a7-ce3c-57a3-8f3c-2b11893f836a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:7c759db6-95a7-5628-8dfb-beabbeef8df9", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:6bb29675-8bf8-5fde-be40-26f6e76309d8", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:3e316fa3-2159-50d3-906a-ef325835588a", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:d90aed81-220c-5581-a78e-749ae752e5ac", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:29fa6e95-28fc-5757-a706-6be6c086d8b9", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:f19cd3a4-c7f5-5112-8d0c-2fd2d6553ff1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:9b227767-57f7-5eee-a2ac-106b139cba79", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:603e4026-6513-5153-9269-bd3916db90f5", "id": "CVE-2026-41851", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41851 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:215b8a5b-c839-5cd7-ac57-5df929364095", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:1d58c979-8f49-57ed-b8ac-b4748095a77a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:f4d4d4ac-9861-52d6-85e5-9df7c2eb11c6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.14 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39-tuxcare.14" } ] }