{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:20edaa61-92c4-559a-b08d-daaceda988ee", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fd70170a-4935-59e8-bba8-24e94b3a49bf", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec9ad69b-1dcf-57ed-a2f8-ac3e87682455", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0bcc96f-0d07-55df-8049-e4fcf88024a3", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74a04178-6c29-5e9f-b9be-4f0ce84a4940", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:363da206-904d-52dc-a0f4-2714c7915f44", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:353b9b48-059e-5b4b-bff8-b196d8a54d61", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a344c92a-6b7c-57b3-b616-3504a96e6d75", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c781ba0a-07df-5fb7-ac56-3140c6e5af09", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01a64937-7f70-561d-b6b0-aa89a0b169be", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb3506cf-d948-53e8-aca4-c9f1dfd9cd63", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:580c2332-ea98-54cf-8a15-e6fc10ad04cf", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2d84609-3704-58cb-9d3b-8ab1bfec14ad", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b9dc661-0b3b-58e5-8528-3b7feac82acf", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5b32cb1-e827-5f83-a89f-6e0b6fd4a143", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77c67a89-adf4-5f29-8ae9-4ad43b708adb", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d95c885-5932-5d1e-80be-c33ab037d6b4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5348c9f5-d4ec-5904-9036-8f3a5ff3b075", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39736267-12a7-52b7-ac8f-c9b754836edd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a421022b-9d5b-542c-bc81-453ae51469d3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2746c9e7-8a7f-5549-bafc-a1e30a9bfa50", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ccde0fb-b704-55ad-8590-35d6b449f806", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58cbd22b-bd2a-58ca-827a-1acf438d6189", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0ecc79f-1943-5ad4-b67b-79db7eca1ac4", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ffb3210-1897-553f-9133-681a458df4c9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0986f2b-94df-5180-a659-ed0b15efcf15", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0752b397-1e17-57b3-a647-56926a97fdb2", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5adee1c-e10e-5fbd-90f9-750c8f40b40b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b1777a0-cd6e-5b70-b254-0f8d2d68c6d0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee2e12b8-4256-52e7-a205-8f8cac0b5e3d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6dd20c0-62bf-5af1-83ca-8962ec0a515f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6970845b-1175-560b-a145-097a8e6437d7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03eb70e8-e394-56fd-bf58-9f0889750ca9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1af06fcf-5dfb-5e11-b041-c5657b8adbd2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c3fe3e9-4f0e-57cb-b179-8f8fad752772", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5acbd3d9-32b5-55be-9fcf-5a024f72c6d7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b38c99a-e48e-5a88-9c60-3c9b1d59a812", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d26bafc3-b918-5c81-bd59-427f4b3a8e24", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36ac16ec-d440-58f1-a047-ae3ae6daf9bd", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57b6a12e-1450-56e1-95ab-de95a4981d8d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:821b998a-22bb-587a-82e7-ee4493644e97", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.1" } ] }