{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:84f51d6b-6114-59c2-be09-c191662a9fe3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e60f4353-10c1-5bec-ae03-82d79e166a41", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f27f94e6-47f0-5f97-9d36-5eea33b08b22", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffc6787b-38d5-5473-a90a-0da956ab73d2", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16f516c4-a17b-5a4e-a273-6e8d0629686b", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df5a013d-3fca-55d5-b523-26ea969f0a12", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d360702f-ff4e-5f71-b597-bf5922bb85c3", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc45f4f4-3e99-56df-9190-d50f1f6ccd58", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9bae383-e27a-572c-b8d5-fb9618da56f6", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:601d6400-72e9-5b5d-9e5f-8f1e75336a1e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08eef654-d31a-5d9b-9d0b-fdb0ff73da3e", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05368920-bf9a-5921-85f2-b39d15165cd5", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f457fbbf-f3ad-5532-b92c-9f26fef8430d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:651f12cb-6de5-5f28-b84f-63fea7aa437b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0e0ae68-0c94-5cb7-955c-21be9b3fdbad", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc858509-0646-5131-a746-7819779dfdc9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c82bf4f-6971-5ff0-8218-0971b4dcc5d2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd53b262-d65e-56d4-9f99-a899be681acb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5263dcb-d07d-525a-9e64-996199d4f7aa", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a83cdf0-a3a3-5cfa-9f73-875b65ab4adf", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13ef165c-19be-57d7-82ac-0922bdf36de1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9b1e725-07de-59f9-b085-1844fed515df", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7510e76-ac4f-5304-b768-1b6040bdc715", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae6e384b-e8c7-5304-ac92-a259747e98df", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c528a995-c2b2-56c4-bc8c-a4572cadec47", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41456892-11ad-5562-9b93-50b6c1d2b969", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ccb788b4-7cb1-51ea-990f-20cf4ef6f5d3", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d74abd8-cd27-5b34-9084-2fcc4ef96ec7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6edb7b38-441c-5820-96a5-ce17f707c468", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:251710ac-78bb-5208-b4cf-7d9d2f8ad17b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea559689-64d7-5c30-9bd7-8c9ce198b473", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef1b05f7-9781-5dad-bc11-1ad54942782d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05a21819-1384-5811-8b19-da784c417af5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d099471f-4eda-525f-a01e-f4695ef40676", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:710676de-2e2e-5319-8635-a73e5ac4deec", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1245abd0-9e46-51a3-8efb-e6aff211735a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a7f0aa5-33da-5fbd-b960-5fb6961076b4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38667c91-a65c-5382-a064-6bdcbf4a3598", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:639f239c-e113-5f17-8c78-6276d765a555", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f18d16b-e652-503a-bbe6-367b09791e5e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fa47696-481a-5f44-9aab-130e64ebfff0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.3.30.RELEASE-tuxcare.3" } ] }