{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1a781d68-577f-5f0a-b859-087a9d9f55fc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument-tomcat", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:460de620-65a4-549f-84f4-6270e28fb01b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9c09f12-0e7e-5171-b58f-803e3f0af7e8", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ac6299d-31a7-5c75-b7ba-b001d1dafd2c", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdecee12-4c53-5878-829f-c03e1f12fdad", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2a1e69f-cdd9-5694-acee-f57bbb29d60a", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9f87374-1491-590f-a90e-3715ba6dcb19", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d4ceb83-0b28-56cf-9af7-2779db4ec31e", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edda8269-2697-58d1-ad74-4df962630edd", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a95b22b9-d134-55e8-90da-9620e507a84a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b94e3dc-cc0f-5ec6-9305-38bc8432f7c5", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1027f07c-f055-5c26-821a-eea5964c6530", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:428b17c4-4a2e-52bc-af7c-1414e925b330", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:859a2d6b-29ea-57b2-9c28-1e28fe0679e5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f83d6b84-7f9f-5916-b8ce-fef560f927eb", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b2f276d-3b03-5e50-b5e3-6284fa1c70b0", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f31c5786-c3f6-543e-8296-d88df02d99f8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b48650a5-c293-5ca4-8df3-1bd0bd511c56", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19534992-f580-5884-8b99-03a50d38b700", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a42a4ca1-9055-56a0-a160-964cb758d961", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57e4775e-13d0-5a8b-bc31-468a96524836", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02e019ee-fc07-550a-9c5d-43d4592982fb", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ccaa1481-614e-5d81-b75d-eb8fe0f6bed0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b6898e6-2788-5795-b82e-d3f5d1cc86ab", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4abf7499-6ac0-5c98-a2b7-f5cf0b0b4cb6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1beb4bfa-e5ea-5898-94d2-777f9349968a", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1bbb5603-7d1d-5652-bf25-da8488baa49d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50494212-47fa-54ce-a2e1-de1d60306bfb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:736a6d9e-ee87-5f42-a565-8f92b2d06e33", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6f83377-c504-52ce-a9c3-e302243ec4b6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bb9d3eb-6215-5be3-bcaa-d514060ebb82", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd4b7cc8-8aa6-5925-a728-c13caf7d5bcd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2fa43753-a4db-519d-9e97-6a33425c147a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7992e9c3-3235-5074-bb2e-c2d4efc75569", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a7a2544-9edb-5930-ab61-55e83e10a568", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:452fedf5-8864-50ee-94cf-cedfd4e572af", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe3b7c9f-a483-54f5-b03d-2eea8cb4841c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc679294-de18-510b-b580-7e665c5b89cc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f99b2b68-f0e5-5f1c-9778-522acf9c6502", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e715b26c-9f1f-53ba-a57e-e60ea40700a5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:653d5994-7175-578c-a29c-acb3dc817651", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.3.30.RELEASE-tuxcare.2" } ] }