{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:002b9e5e-62db-5f31-822a-55e235b5731f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:92287630-395e-5239-986a-4a20f3835602", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90b8470b-36f3-56ff-888c-08bfebb4241b", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f6cd4e7-74aa-556c-93c4-61018460556f", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5cabcfd-fd84-5ee4-bba0-310fab380349", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:702911e6-c97e-522a-9ed9-e0ff09fab79c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b34dd1be-ab16-5263-88df-fbe509b5751b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d72ff2ce-4273-540e-962e-a2e6edf05067", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c71d0905-f920-56e6-af04-8dda73b518a3", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc7c7644-9130-5466-bd1d-63b1649bf725", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b655a3d-32de-5189-8c97-e37ee557e737", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b474ecbe-6908-5551-82ae-aebdcadf3091", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d2c4656-e359-5856-a3bf-bc8925ea6b37", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b59da9f2-1738-5c50-965d-7cfe903592fe", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f19bbf7b-6a61-5628-9096-549cc0b86982", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b514022-d28a-5f0a-9794-e16c7a444b27", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88123f8e-1de3-52b6-90de-468cd6f2bc1a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c20d633-c9bd-58ca-92f2-f7a6a879504d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7523af53-fd50-50a5-954f-5171cf63d830", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c709b37-a2f9-538f-b1f7-ce036748fea6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fbd3d00-849c-5f32-a1bd-aa2d71d61dec", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8646e3d0-3b35-589e-8422-864c04bd385b", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f16e703f-fa2a-55ef-9b85-98560f0dedc7", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:065e7cf2-4219-5e4b-9934-9220131f8482", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15724052-1736-572c-a3f2-a27a4a3fbd58", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbc0aa0a-1633-52bf-8b01-c7e1617d71d2", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2aaa5b4d-32d5-5933-b62c-2eb4d0321dee", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d351348-4320-53c4-a30c-bdc3864a1f4f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:456ac32e-d592-520f-a9b4-e81ca12e7e50", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a70050c1-7a88-50f0-94af-5497792e8d90", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:177e73a3-6843-52b7-9127-3e4028672d7e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2283c52-e3ca-5d7a-88b2-1bb5d51aedba", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4423722a-143b-54f1-839e-d5b5c1005837", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33dc87f0-00eb-58bc-a01d-a5ae0cbed0ae", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d6ee362-3780-5989-885f-79aa2b17c3f5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd90588c-3bfc-5346-8686-fc75b7f17e5a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83c25969-3725-5d88-a2fa-aa3e3f3f610d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d3e46fd-d3e2-5a8f-983d-425c456d6707", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67786ac1-7e4a-5d9e-be56-ae839f47c9e1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eddaf964-0596-53d5-b4fe-bcec5ca34d72", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9aaa032f-6989-5c01-8a70-bd8e76bb5405", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.1" } ] }