{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2de74676-dcdf-5a6e-9b64-dbdf35aa5ee9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8e58754d-e527-5030-8ae5-19ae0d29918e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d75aa12-cbf1-5cf0-af74-9cfdc6be1c9d", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:069e1a33-133c-50ad-9368-0ca846828b6f", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4cd187b-87e8-553b-ae8b-cf29d9bb1314", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1beb8013-b176-52a7-af83-8118da2d5974", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12d500dd-c4d4-5e74-a995-aeea2f99e768", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b68cafb4-224f-5b52-8863-65cc5ba448d3", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d38a2527-f6b3-564e-a09d-30d2b1367057", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c08ccf32-dbc3-52a0-8a99-edaeb5a041d8", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53542984-5665-51c9-a16f-cc91802b44a6", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc187b62-deb5-592e-9307-948205ef8472", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d73d10f7-b7a3-5563-83c8-484a7bc0026f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ad8a950-0045-57b0-8296-378f3eccc65c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88d3098e-2295-5f1c-ab2c-b8dac125530c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f21cc2f-b0d7-563b-8693-ea77665156b5", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91c2cdeb-4bc7-51ac-b68e-4f4a94991597", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b00b7d40-781e-59c8-8582-bd74af5bd1ec", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb1c86b4-b890-5ba6-91c1-f9ca1431369c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c67c69a-aab0-5fa7-a1f7-60417dfcaadb", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72ef591b-c066-5e0e-9b07-579173640fd4", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f3aafd2-14f8-523f-b0c3-3b2ee375af0e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83f0fe97-0fba-5200-a3da-43f81655d393", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d5f1cfb-0f47-5a88-8fdb-d18a84134213", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6126b6dc-998c-5908-a98b-47d8dd3c70f3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa9d58c6-b033-5dca-b776-2497f319d4c8", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce1e3abd-1f1c-5b47-9e35-eb95a21e5086", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b43b184-ff5e-5ea1-a938-43b3eb4315dc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3bfd2cd-0a3a-58dc-9291-a610595a61f5", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86e75350-84c0-52f2-89b8-0106e807c52f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e4dc2db-c5b0-5ece-87ab-aefb9ff86e60", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28f30c6e-9169-5910-ae28-135cdf6c7a71", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a31a3d3b-bbd2-59ea-a3f5-435ef943a2fe", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:877641a1-90ac-5b8f-94d1-a28fe211539f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9132aba-71f5-5f3d-bdc1-32941ef31402", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcb6b1d0-5c30-54e3-ad7f-961f0de92a0f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6dd8ddc-8e12-51a3-88b7-ca7acb603301", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8ff6b9d-8c5a-5275-aca4-8da0cd3a2767", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cf058cf-d56e-54be-b94e-1c847eed15a4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57a2736d-b0b0-5c6a-9496-caedc0cde39e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a0bdff0-128a-5ce5-8c15-8e8f3c8cf1b4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.2" } ] }