{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bd63a34d-da8e-5fc5-9779-20269f0ec298", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:efa163a1-0fcb-5e48-9228-a0931c783ff7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc5b0c78-6f1d-50e5-be0e-7e9e31d0fd31", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c7f34b6-7d4e-5bc8-b34c-5472670872a9", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d101bca8-948e-51bd-a8fe-45abe9cd2119", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a8585d9-6795-55b9-88df-04fcf93b0be9", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a94dcb44-2539-5bd6-b445-11ea4aadb92f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71b1e5cf-06d7-5fff-9ea6-fa9bf36ead2d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d2c2ef3-0b35-5afa-a76d-a5c74db10894", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:839ffeec-d428-55af-89b7-ba9b3a9d4bec", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f69c7b8d-b67b-5c5f-bacf-d2333cfa8865", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef5876d9-2200-568b-9eae-c24d43d03b23", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba9eaf98-833f-521e-91dc-4bf8beb8f357", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5556692b-9a78-5b63-9de8-4ded625579ed", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4696ec1-ff01-5bb6-aad2-acd36c9bf399", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa68f2e1-55d5-5ef6-b6f8-6167edb5f8e9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62400f6f-181c-5928-811d-50941b6aa928", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfa0d103-0ec5-570b-9012-c1bd69bc6483", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc171462-845c-56c6-80c5-6ed0f47ba095", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58ff7fb9-13ed-51a4-9008-14c38ad2fc7d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c072555-29c1-52c1-90df-e738837636b9", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ce9f96e-e7c3-5fcf-9070-a917e2e032f5", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70d41ce6-d4d7-5814-9087-28c61750eb55", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7a641e3-8fe7-55a9-ae51-d77aec34b8dc", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1b9ba95-51e9-5225-aa42-856a7e297e99", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4660992-266d-5f8e-ab71-a6a87a319c52", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2d17484-f57d-5d07-a557-cce981b391c8", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2bc5e47a-1cbc-5df6-9ca6-9022b823506d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12e81761-4eb0-5604-84f9-25cbb2ef25ea", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bac2a9ba-2b25-5f0d-9aed-99af7e70a813", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08fc4134-7360-5616-9d84-958d3ac1caee", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca9c15af-2168-5f2c-8bc2-7ec67558b060", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acd7859e-f496-538c-9257-87a185be7818", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03583a49-31ed-5ce0-9485-5a8fc92e0f35", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d45a4524-9240-5f5b-884d-00420772fe87", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86eae90d-146b-55fe-92a8-40c7d5c75170", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f1bf063-a2ac-5d98-adb1-02b49f28a011", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82537bab-ca8a-5e45-a5a4-cad3e2fdc1ee", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55ada5be-dab9-529e-8f3b-c38e4e81ecef", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8506f851-9c5c-5c4c-9967-bd5729c35e52", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11bac460-7fdb-5959-bc9d-cb3b918c5ee4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.2" } ] }