{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9a848ffa-0347-543a-bb63-f0fce55c2582", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e4518f63-bb1c-53ff-a207-e1831a904121", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d2d2f6c-cacd-5ccd-951d-14c2e3e8d4c3", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da46bb4a-6860-5645-b976-f1d0537de335", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:766a6ef7-5abf-5646-8a8c-3a4790265eee", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:298e1db8-0964-537a-b81d-a3e109e1e3b1", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7df97917-8112-5242-b3d0-e99f303fbdf5", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da6bc118-acb1-5354-9697-c97a16c2186c", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61e5bd5d-66a7-50b4-a8fe-1cc0850da624", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6893d12-1455-5276-8c15-a73b357eb3c6", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:716b8067-bd17-59ed-af2a-bdeb3b85ffb7", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20c1fc36-ee29-5ec1-9a2d-d0c079f591c7", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:246edefa-1905-53ef-9550-2480ff2bbc2a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f895662-5349-5b16-9739-4dc51cdbc332", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:caee3e81-aed2-5762-b30d-a317fac39b6f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39c84165-303c-5722-be09-80ea44142598", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3fa0e174-204b-5bcc-9cf4-e0285c686a4d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea122cbd-a466-5184-9f77-c39f4205da06", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af17fa91-1877-5481-af58-5a27dbd5f478", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5e04b1f-71f0-5136-98d9-50d0f17b555e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ea656c6-b4b3-59ee-868f-539e0a6eb256", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c98ffe97-4f2f-5537-887c-c87eb0fdd4fa", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e5502d1-96eb-5f2e-8c79-511d81f4dba2", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba41c279-8e58-5482-9677-9e72c8f9e297", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:085c15a8-a45f-5862-b74e-86a9fe459ec0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae8bb3d4-ebae-5032-9067-1962a5b7d9f1", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d48dd574-6b59-52dc-b3d9-4ffe74fafbce", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46652db0-2a69-5929-81e5-fd5eed479d98", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cefb85a4-30b1-5aa5-89d3-04325d9e8767", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d9ae0cb-82e1-5597-8065-4b15786be2ca", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bf5689d-e556-5a7e-9efa-bdc5e2ec93c4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b262ca29-43a7-54db-8770-b39567c15ae4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd01f457-1f27-59f1-a400-d549815ed06b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45e115cb-8eea-527c-8b49-8e88962c8f1b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7749b00b-89ab-59bf-a19d-40f410ed7a57", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:993c613b-32e2-5cc7-9601-8ab8328203da", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aab19153-fb97-5932-bdb4-f8bedb5f7872", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2c55358-cd2d-5dd0-8543-8930f833cb09", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:026237b8-3d3a-518d-aedc-b2efb943b397", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b00c43a9-3a3d-5102-8e79-5ef745eb8d05", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2b9e8d4-1b31-522e-b424-c371cbe3fea4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.2" } ] }