{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:80f28b0d-5cd8-5d4a-b4bb-3f68dbf4e581", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e859dfd2-6c9b-522c-8962-5c5796b1b696", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a47ca09d-9c11-57f2-a540-3e70bf256dfb", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3826bfd2-3eab-5f11-876f-bdb6e261c5b7", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d6fa9a1-a270-5f14-874c-6a18457beb74", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a09a525-dd47-55dc-8549-1bf567c01432", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b153f5a4-8a35-5a62-9c48-3a80f1d5e48e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3720a8e2-3cb3-54f3-bd4f-a31861bb2b30", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d78b171-de8d-554d-bb22-cd5375f13681", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5afc267c-efd4-5e01-b9ea-29eef4e77e85", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f25e15da-9b91-5893-8647-581af041d6a1", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd0950ad-0143-5de3-a36c-ea6fd12d4338", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b8e5729-47a2-5117-864b-847aa0c12b0a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a994597e-74ef-549c-9ca3-32a6eaae03b8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c41ea45a-404b-522c-a7c6-1cb18d79c610", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a56a19ec-da74-51f8-acbe-f22836442373", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11368355-371d-5261-8538-f525eeaf818f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca163703-c173-5e21-89d8-2569d639a6f1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ece9de71-c42f-5438-8283-ccecb2460deb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abd85d2f-d351-5c0e-90aa-9cc4c32ede67", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45553a20-fe17-5eae-81e2-aa37df65b280", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df657581-3480-59c4-8575-5968aa1d7b25", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cc0637b-75d3-5fc5-9ad2-f5058fb1b9b4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4d60150-adf9-5a0f-96f0-aae4ff1119bf", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c72838e6-7809-5ce5-97a5-d97bbcd68386", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:454e00af-641d-5276-9129-46f3603b7e5d", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51e759f2-84dd-5a43-a40a-1ea6be1bd071", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0006b20c-48c9-59e1-ac9a-fef679cfdcfd", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3da0382-a82b-5f7e-98af-11708f25d880", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fbc059df-729a-55c7-b247-18105e212edd", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:edd40a84-239a-56a2-a085-66d0993073d2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3436c2e1-d318-586d-b424-951a68a84222", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:20e4b516-750c-5da5-9c3f-165a2a740ab2", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48e4d6fb-2b71-567d-b13d-fec37c435006", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e4dc23e-6000-56a0-858c-497b9e43b405", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c2fe2051-f10b-54f9-b0ab-a894722b84c4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5264084-58ba-5ef3-9547-03bac01b80bd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9d95655-7fa3-5192-8c46-859108a3bf32", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f292e09c-4e73-5bf7-abb3-af13de0b6fbc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e18762ba-1c29-5c73-bcb9-7d19ddfc6255", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77d7cde4-f68e-5f1d-ac3f-4f391d382275", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }