{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a098854f-e3b4-5aac-88a8-f1a4855484fb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c09784bd-cbd9-5bcb-bb0a-bb272b6a5ae0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:765c28da-2b95-5fae-8693-94a8cc3fdc01", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9818be7-7213-5d05-b51a-b99c643eee33", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aefabf2b-a3e5-5aa0-9c49-f74eb11ad6f8", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40af2c12-c4ba-5769-892f-6ceae608e6be", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e16ee323-d9b7-5421-a4ee-f349147593b2", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b03dcfbc-8acf-5be3-aba3-f692b90e78b4", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee98a5c6-b64e-5f81-853c-856a101248c8", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ece87fc5-a843-50fa-8116-bdd087e2b2f0", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39662ba4-e0ec-5546-a752-22ab9fb6a212", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e80ea34d-7e0f-51a9-b2ac-06f640711899", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7976b2d-cfd3-57ec-9723-f73593f6992f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3450195d-b863-5d05-a447-652efd81cd66", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f40387c-b301-5e8a-9fda-d36aff3f21ff", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6cee2d2-aa35-50c8-b8a5-3565080b62b8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1261a3e7-1b86-567b-b3a7-d70f5212f3c6", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01f7a824-be09-599d-a9b7-afc37e833bba", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cdd8d360-2152-5978-9342-e05dc7a8a7b9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:acdce779-b4c0-5af8-8dba-840e2d74b545", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:057b3131-ce7d-5f3d-adef-c32e6d1af27a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f2021fc-d8d8-5f3f-95ed-02809930864f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82893a46-7f5b-54bf-94d4-8144ac897b2a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cebb205-b1ad-5965-88d3-f40dfe260708", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6079320f-c705-569c-9e24-dc04533c2d6e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73920027-a51f-5db3-9109-7c60ae99e97a", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb595a3c-6a71-5b3a-87fe-93ef1c0906fa", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bcafc025-a6f8-57f7-a60a-fbac23a45a3b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:042bec3f-2a75-50ff-bb87-f3ed010882ee", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6bcc74c-e69e-53c7-acff-6f67a6f81e1c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7515e93a-58cf-545e-92c6-2c1daf142cab", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4158145-bc9d-544e-8c6f-809b9f2cc5bf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f56906a-c580-531b-8b20-2f096760092b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed72c9c8-e677-5305-b81e-6f6d7d38732b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b75044ad-b881-5333-8c00-967a6f4cfd39", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a1e5dda-69d0-53e2-a867-b89dd4bbad07", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dec6df2c-b749-5e4a-8d97-8fad801f841a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cbc0b54-7a89-517b-8d73-c6609502c8b5", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c19e4b1d-e3fc-57d9-897c-2b1bf64f4e63", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba619918-c32a-5b3a-ae62-43acbbd579aa", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b72ef70-6f52-560b-b952-a2b5275ca089", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.1" } ] }