{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f9fc8257-dddb-5465-aefb-53e6e0b4131e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b81b8b31-82f9-52a9-89cb-0fa8ace25b49", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a1a7689-394c-5eb8-ac43-ea3e1b143744", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:25afd8cf-0b6b-585c-ab52-a1b03e19caea", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d91980f-96ea-5218-8283-5a60e1f55e77", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43a94bb8-2ac3-5cc8-a7ee-fee7c30f494a", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77170736-fa0d-5330-9b3c-f253b2fe0881", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40324de4-393c-525a-84a8-2860cf2a9673", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:937ed11e-0710-5fa8-b816-48e8e5b8724e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb433b31-1247-5415-b66f-a9d83c38b747", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5cef03fa-8d42-5b2c-ae45-eb04cb71c50e", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0654a97-b930-57b6-be27-3ff91cebcd22", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:614ff936-1bf8-5b59-9572-fbc05b4faa61", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59201875-fc79-5e5d-abef-5cebc86221c6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9ab2d09-1137-5c50-a09a-e0dff91792f5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7391e296-26b7-5415-a3f0-2a354f4ae585", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9a0c69d-16e4-5722-b649-1e0ddf25e40c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f41ea330-de35-51f3-b495-d8b614295562", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:277c8fa8-5649-5eef-aa53-b3d056117bd0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ebf766c0-517c-5d74-b10c-66807f9710f0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:062e6a25-649b-52eb-a12f-f8976394d25c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cedb07b9-23c9-5e71-aaf3-76ec9cd568e8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a4e3d9d-1e85-5bbc-9518-78c8bfe4199a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fff32111-dccd-53e2-885e-095be6241012", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90b1883a-d98f-5a06-a8aa-6697c61e8a96", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4e31cd1-50cd-5c20-baa4-9ac13ca45540", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f33ae60d-05f4-5c44-bb81-0d5497179d1b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee4d842b-46b6-52a6-8c30-d0c5ddeac934", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26563066-842e-51f7-9b21-488ec31cbc7a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e01d5de-8a28-51f5-abf5-c8d313738079", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38888ed3-fce2-5662-b4e1-42e7bea55db1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4b87c2a-ff51-57ab-9231-e0aa94ec5695", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d7a195d-015d-5898-92db-bb8fb6e45898", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fea8a82c-676f-5d40-9fe3-2f4e385ad6df", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bff59b30-071e-5ae4-b560-e1ec0f23220f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:daa987ad-07cb-5083-927c-39f6c3a7881c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b30eb094-61da-538f-9347-ab7b2457a3fb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6af6edd-4f04-5389-981f-f3ef4f161910", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e33a7e83-210e-58bd-a8ce-8592c4a8228c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16b98dc2-2d2d-555f-962c-1a7d97a11c8d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc6d8b2c-22e3-5db9-bb42-6868658cd5c9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.3.30.RELEASE-tuxcare.3" } ] }