{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a4038e3d-2713-59d6-a4da-1de55b45b414", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:20e7bbde-c79e-55e4-ba1e-6aac7b3b785f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c991374-9907-5af8-9808-0db73800dad0", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd53e6b2-4544-568c-8e09-213bd63525df", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ffbbdcf-ea8f-5414-8aed-a5b520fd25d7", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35d65c2e-a047-5d67-8a4c-0563b1ae10d4", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54b28149-b84b-5204-99ed-a414f9d81cc5", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14c08767-fb59-5786-af7f-14286341bf1a", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f57fb9e-3738-5cc2-b960-f7375631891b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26621289-15bc-5d72-af18-78a7c8b8a9d4", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d69378fb-18f3-5caa-bec7-48e50b4a10bd", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:609932b9-8d3b-5668-ae00-a31f0076492f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ba12aa6-90d3-5bac-bb2f-3ea877ab8801", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca6fe839-dd6e-5d7c-9f1a-8e1dd0bbb869", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98c9899a-df28-54a5-96f6-c44ff6c62970", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8038dde-4785-5d89-92b3-0ac167d3da81", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5be6cdd9-d6af-59dd-8ff9-765200ec5a19", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c70117a-64ca-5cf6-96d1-0a75cbd0b26f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a690e98-d971-590e-84b5-ade9ba652de2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:729f0f68-33b1-5755-a7d8-824551316e1c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c82180d2-6cba-56e7-8591-d1678de1f87e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b656ec2a-7398-5a37-9d7b-8adbb018460a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4e272cc-bd10-5741-ac87-302ff20d3a47", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09fd8147-c48e-5bfa-87a8-4f30a1dbc892", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bac798a1-b9b5-5a99-b6fc-28061bdb6a60", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64631206-d76c-55b8-9f65-d7e847199845", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b611204-417b-54d4-a601-124060828116", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:162e52e5-5f55-5fa1-ac38-304157981b48", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32c75001-68f7-5878-b5c8-005051940522", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abb69a28-de47-5b2a-8f3a-2a0e797d67ac", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5cf02a7-73f8-5897-ad41-b131982943a8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dabb2550-1873-52c9-af77-b92e548ea880", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75e83030-e42d-53b4-8e85-a1028ec5fbde", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4176551-dbe1-5951-a3e2-fc7b820f312a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52f8cd2c-3f5e-538d-baee-4be8a3057826", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5d9de36-0b01-5409-8814-8ccad1081c66", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8234abac-74f6-5bdd-a87f-40a917624ed7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e5db0b9-b9f8-5da3-9f7e-636a570f3594", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2157551b-0de2-564c-9470-a46a9fc3cc55", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ecfe8f8-b1bf-5864-b245-da6bf613a800", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1800a9d5-5845-5094-9079-9eca360dc22c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.1" } ] }