{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:354e5a51-cb8e-5988-a735-7ec1b1aeae28", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4b1a8fa6-5659-544d-b37f-05000218f83f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe746f41-7d3c-55a0-a1b9-1d9ad83a559c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:722fac3e-609a-5f51-8b12-004cbec8da99", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6050abb6-152d-5158-bdb0-da88fb44c2e1", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32129f83-7791-5d21-b4f0-f22fe32b7561", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3737b19-b416-5086-984a-30cc5a33315f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad9e50c1-e5e5-5326-84d2-0b59a686ab9b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a787096-bafd-5dc1-9852-d224a0eb83d5", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d10b4fce-b883-5713-a03a-ac87d7116a44", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2230dc33-9fa5-5dbf-9437-ef10108bc34c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7a48563-4ad6-577d-ad22-b89c5b94e9c5", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:18fc55e6-bbbf-5d85-ba6a-bb409e503c75", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3d3527c-262a-54cb-b82e-1ef15b789ddb", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d900d14-c50a-5026-9033-0128998de07c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43511a66-15bf-5a94-ba2c-cd1e1ed83b18", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f3a44d1-377f-5b6a-969b-37fea2656ed3", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d928bf44-8528-5a1c-8ef7-224dc19f80e9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eec33e9c-da01-5d4e-b5d3-f0755d93426d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d343f54-3050-5a8e-9348-7b7a82385392", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:60c80543-6ff9-5abf-88ac-9696585dbd7b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b6add97a-d8af-55ea-b448-a1d35ef31031", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2faff7b6-8909-5835-92e7-f8128004e837", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20220277-8f54-5084-9036-558c45ab8063", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1247dfca-5fa7-5cd7-87d9-9d1d88c395e0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:358b2da1-ae58-57d6-a46f-27f68cda95aa", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:109c2075-fd86-5c27-95a6-3bd4c662cdc0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5bbcd4c4-bdfa-5bf1-8b30-b73fcec9e4b4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0d707a3-82dc-514e-8da2-f430d1b27592", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:794e884f-a0f4-5f03-b9ad-4aec38cfccee", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f0eacfc-7654-5f5f-a0da-c58df9bd522b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b4cac266-95d9-5498-9568-0a2a91b1279c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31eb1691-1347-5031-8c0b-b7734abb97f5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c28224d3-00ea-5022-8bd0-0ddf08640bcc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba9ca025-0b99-5cd9-8bb9-bb5dd84d6f78", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d8ceae5-1273-564b-9bfc-74ebce22a958", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6cf6b278-c635-5a37-a0d1-dfbeb83b4037", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32cb5c04-b634-5ebf-adce-0dadc4761b95", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.4" } ] }