{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:968a502a-1c37-52cf-9595-32801c76c67f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ef6f5b2c-5b2d-5a65-a659-06ef624cf347", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e873f52-9c45-5ba7-8368-db9c2afc8101", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca18b494-71dc-5ece-bca0-9e4f480144ec", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee07a674-5584-5460-b171-7ca813295a09", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fffdb920-0556-55d0-9aca-2a6cd60b258b", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5d1def1-5386-563f-9967-da4f09322383", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b81bbaba-84de-5a4c-acb1-829154400cff", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3901bdba-2591-5597-a5f1-7c662a44887c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7a3c3de-8e19-591c-80c1-a92298d3a7fc", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93f7fc36-0165-517d-8c2c-b33fa08e4740", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:580d1e56-8e56-5c07-9b86-6448110b5267", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:080abf86-0f6a-5ebc-b80c-3a6a17fad6cd", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39ad17ea-3ee5-5779-b1c6-7d2389232436", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8249cb8-9abb-5eea-ab8d-0b872a677088", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd6975d0-ade7-5552-8c82-a2620ab7dbc3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a55bff25-f567-534d-b30a-af9e2b3c25b1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7248ef5-5d65-5500-99cb-ea21b19a576d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5f3e14c-56d7-54af-bef8-4f4a7c5d17da", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02cdd982-273d-5b43-a833-f64fed9cd078", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b27e3eb-9ee1-5cf3-a349-b9117de96e05", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2044e9e-5b39-50b0-8c30-90b698ae23a1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:486a8db0-cd2f-57eb-9cba-3b152044dc9c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f58f9cf7-0246-5c45-b42b-d2700c1466f3", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee756ee8-ca24-5b0c-b5c6-f12627bf9861", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5664f10a-fda5-533b-bb9c-d128b8d5497a", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8415cca7-aa36-50fa-b402-649148c7cd6c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:690aff9c-640c-5efc-86fe-976771806714", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2765f7ae-0963-5ce9-9844-32a468b87c47", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d41e4d5f-316d-5d04-8e4c-b1d7673ecf36", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0657e13b-dcd9-5177-b50e-f0c6fd450e24", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdd46200-082d-5767-88da-fb5b38320c55", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d8fc699-e959-50f3-bbe5-710c0e72baf8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56092fe9-0b96-5921-a6ea-be844ad631e9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d95750c-4456-5ced-bc6b-7bf1bf4e4336", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72557832-3aaa-51b0-a3f3-13c86601f728", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db90f3d3-bbef-509b-94ef-ad0d72997276", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26aac3ff-3f0f-537d-beed-2b58911e0732", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0843ddb-99c3-563c-ba47-446d3f61a2f8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43f0b142-f25c-5eb3-9450-443381461997", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a50a31ad-f772-57e4-8673-bd7b0986ffd6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.1" } ] }