{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:62f290a7-5331-547e-b001-828fb54e0c49", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6e46cba5-5b2c-58a3-9285-b55139176970", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ff86bdf-c574-562b-affe-da0dc5b62987", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01656f6b-dba3-5734-9464-58d79cfce996", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2c77af9-9d93-5676-a1ee-c07f834a0075", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86e0df98-6127-5384-bb67-65ea8cc623ea", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1e36a0c-eb3a-5b91-86f3-52f81d328786", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75bac159-3074-5a20-a910-a5246c31286c", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b34a2bca-7abb-56cc-96d2-1ee4cb60bc3d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0695a8bb-d9dd-5763-9f58-b385069e15dc", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c73c8aa0-f727-54f7-bde6-64695b4934ec", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7f26e46-cebb-5fa4-afe1-e2cfb0073ae4", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9fb1585-09ac-5143-b504-f2e0575f693a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfa5b349-cb4b-5d75-966c-cd5c2c0028cb", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3081ca0-f66d-53d1-b331-a3cb17a05438", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9399baae-a1b5-59dc-b390-1aeca5100000", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9e18481-6eb6-56f0-9cc2-823918980f5f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61433e20-f9b4-5e69-a6c3-3ac2f9eb6264", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce8635ed-eece-5264-bfe8-46c6d0d7280c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fceac66-3be3-5cfb-8795-7ce9614bf531", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2254422f-b1b9-59d3-ad36-3946939726d5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db170391-6722-55ef-a62e-ab379ccc3461", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b6a8389-16d5-5afb-b92c-921bc361b7fd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dad1904-b23e-5e31-a869-46382a591ebe", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f88d287-4bf2-5ad5-a8ba-634d0c2e8351", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2fd60e78-c029-594b-9ea8-f96b0014ea02", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:775d299e-96f9-56a7-b201-949f337f67a7", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee257e63-732a-589c-8ce6-01a5b6043021", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb33e52f-791c-5471-b89c-54e41d9747d9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb711d58-9de6-5ed9-aaab-77c2471e8ec0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38286ac8-5c2a-5dd7-9834-a1c260d531ea", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77b9621b-f61b-538d-8ded-a1c10363017c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ac87ce8-e542-5c71-a096-a068bd2d9394", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5d32fea-c52b-5ec9-91be-a44467e43ab1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46455e4e-5fc6-5d93-946a-b63bc3604634", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ab9fe4a-498c-59cd-b265-52f9f3635183", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa25a1d1-79bf-53fc-9103-a8e9999b0c64", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc215dbb-9213-54af-bc81-a9e78d5d4429", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0de5658-b831-5fdc-83e1-a1da1f70d262", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99fdd684-bb24-54e2-a2c3-e20d69f2e20d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41a58f85-f767-5779-9fcb-79ba0d4a1e15", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.2" } ] }